Support dot and other commonly used namespace separators #22
Comments
srikanthccv
pushed a commit
that referenced
this issue
Jun 22, 2024
Addresses: Scanning your code and 410 packages across 83 dependent modules for known vulnerabilities... === Symbol Results === Vulnerability #1: GO-2024-2687 HTTP/2 CONTINUATION flood in net/http More info: https://pkg.go.dev/vuln/GO-2024-2687 Module: golang.org/x/net Found in: golang.org/x/[email protected] Fixed in: golang.org/x/[email protected] Example traces found: #1: cli/root.go:122:52: cli.NewAlertmanagerClient calls config.NewClientFromConfig, which eventually calls http2.ConfigureTransports #2: types/types.go:290:28: types.MultiError.Error calls http2.ConnectionError.Error #3: notify/notify.go:998:21: notify.TimeActiveStage.Exec calls log.jsonLogger.Log, which eventually calls http2.ErrCode.String #4: notify/notify.go:998:21: notify.TimeActiveStage.Exec calls log.jsonLogger.Log, which eventually calls http2.FrameHeader.String #5: notify/notify.go:998:21: notify.TimeActiveStage.Exec calls log.jsonLogger.Log, which eventually calls http2.FrameType.String #6: types/types.go:290:28: types.MultiError.Error calls http2.GoAwayError.Error #7: notify/notify.go:998:21: notify.TimeActiveStage.Exec calls log.jsonLogger.Log, which eventually calls http2.Setting.String #8: notify/notify.go:998:21: notify.TimeActiveStage.Exec calls log.jsonLogger.Log, which eventually calls http2.SettingID.String #9: types/types.go:290:28: types.MultiError.Error calls http2.StreamError.Error #10: api/v2/client/silence/silence_client.go:196:35: silence.Client.PostSilences calls client.Runtime.Submit, which eventually calls http2.Transport.NewClientConn #11: api/v2/client/silence/silence_client.go:196:35: silence.Client.PostSilences calls client.Runtime.Submit, which eventually calls http2.Transport.RoundTrip #12: notify/email/email.go:253:14: email.Email.Notify calls fmt.Fprintf, which eventually calls http2.chunkWriter.Write #13: types/types.go:290:28: types.MultiError.Error calls http2.connError.Error #14: types/types.go:290:28: types.MultiError.Error calls http2.duplicatePseudoHeaderError.Error #15: test/cli/acceptance.go:362:3: cli.Alertmanager.Start calls http2.gzipReader.Close #16: test/cli/acceptance.go:366:22: cli.Alertmanager.Start calls io.ReadAll, which calls http2.gzipReader.Read #17: types/types.go:290:28: types.MultiError.Error calls http2.headerFieldNameError.Error #18: types/types.go:290:28: types.MultiError.Error calls http2.headerFieldValueError.Error #19: api/v2/client/silence/silence_client.go:196:35: silence.Client.PostSilences calls client.Runtime.Submit, which eventually calls http2.noDialH2RoundTripper.RoundTrip #20: types/types.go:290:28: types.MultiError.Error calls http2.pseudoHeaderError.Error #21: notify/email/email.go:253:14: email.Email.Notify calls fmt.Fprintf, which eventually calls http2.stickyErrWriter.Write #22: test/cli/acceptance.go:362:3: cli.Alertmanager.Start calls http2.transportResponseBody.Close #23: test/cli/acceptance.go:366:22: cli.Alertmanager.Start calls io.ReadAll, which calls http2.transportResponseBody.Read #24: notify/notify.go:998:21: notify.TimeActiveStage.Exec calls log.jsonLogger.Log, which eventually calls http2.writeData.String Your code is affected by 1 vulnerability from 1 module. This scan also found 0 vulnerabilities in packages you import and 2 vulnerabilities in modules you require, but your code doesn't appear to call these vulnerabilities. Use '-show verbose' for more details. Signed-off-by: Holger Hans Peter Freyther <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
We can perhaps modify the alertmanager to support wide range of valid label names.
The text was updated successfully, but these errors were encountered: