Security vulnerability in temporal image

naresh · October 14, 2022, 5:52am

Hi,
Our security team detected the “CVE-2022-27664” vulnerability with the temporal image. They are asking us to upgrade the golang version to 1.18.6. I am going through all the temporal images; the latest one (1.18.1) uses go 1.18. Are there any security risks with this version? Does the temporal server use net/HTTP libraries?

Thanks
Naresh

Mike_McBryde · October 14, 2022, 8:04pm

Hi Naresh,

I’m tracking down the issue now; what scanner are you using to find this issue? (Trivy?)

Thanks,
Mike

naresh · October 14, 2022, 8:47pm

Hi Mike,

Thanks for the response. We are using Orca.security.

Naresh

naresh · October 18, 2022, 7:09pm

Hi Mike,

It would be great if you can let us know the severity level of this security vulnerability. Appreciate your help on this.

Thanks
Naresh

Topic		Replies	Views
Upgrade go stdlib to resolve CVEs Server Deployment	2	77	October 16, 2024
Latest versions of server and UI have security issues Community Support	1	408	November 8, 2022
Vulnerability detected by Snyk in Go SDK Community Support go-sdk	0	569	October 12, 2023
Upgrade out of CVEs Community Support python-sdk , general-impl	1	114	June 3, 2024
How to find temporal server version through SDK Server Deployment	4	416	February 14, 2024

Security vulnerability in temporal image

Related topics