prometheus/prometheus CVE-2019-3826 #9199
Labels
Comments
|
Hi, thank you for the issues! looks like we're already using a later version per #8795, which says that we had upgraded to v2.21.0. If you have further concerns or that doesn't look right currently, do let us know. thanks! |
|
Thanks for the reply, @jagularr. I confess I'm not an expert in Golang, but when I look at Doesn't this mean that telegraf is using prometheus v1.8.2, and not 2.7.1? TIA! |
|
Ah, I've found prometheus/prometheus#7991 (comment), which explains why prometheus' tags are versioned differently. I now see that the version of prometheus being used by telegraf is indeed higher than 2.7.1. I'm closing this bug, then. Thanks! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The prometheus/prometheus module used by telegraf is affected by:
https://nvd.nist.gov/vuln/detail/CVE-2019-3826
An update to version 2.7.1 or later should address the issue.
The text was updated successfully, but these errors were encountered: