cve-2024-45337

[brunomurino]

Hi everyone,

We are using the docker image ghcr.io/drakkan/sftpgo:v2.6.4-plugins, and our security tool flagged this CVE on usr/local/bin/sftpgo-plugin-eventstore/PkgId:golang.org/x/[email protected].

Does anyone know if this actually impacts SFTPGo or if there are any mitigations in the code already, and if not, then how could I mitigate this one?

Many thanks!