Affected by GO-2023-2397 and 2 other vulnerabilities

GO-2023-2397: User with permission to write actions can impersonate another user when auth token is configured in environment variable in github.com/treeverse/lakefs

GO-2024-2581: User with ci:ReadAction permissions and write permissions to one path in a repository may copy objects from any path in the repository in github.com/treeverse/lakefs

GO-2024-3291: Re-creating a deleted user in lakeFS will re-enable previous user credentials that existed prior to its deletion in github.com/treeverse/lakefs

json

package

v0.113.0 Latest Latest Go to latest Published: Oct 15, 2023 License: Apache-2.0, MIT Imports: 4 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices