Security vulnerability in temporal image

Hi,
Our security team detected the “CVE-2022-27664” vulnerability with the temporal image. They are asking us to upgrade the golang version to 1.18.6. I am going through all the temporal images; the latest one (1.18.1) uses Go 1.18. Are there any security risks with this version? Does the temporal server use net/http libraries?

Thanks
Naresh

Hi Naresh,

I’m tracking down the issue now; what scanner are you using to find this issue? (Trivy?)

Thanks,
Mike

Hi Mike,

Thanks for the response. We are using Orca.security.

Naresh

Hi Mike,

It would be great if you can let us know the severity level of this security vulnerability. Appreciate your help on this.

Thanks
Naresh