Comments (3)
SuperQ
commented on June 18, 2024
Please do not report raw vulnerability scanner results. They are prone to false positives and cause the Prometheus team toil in verifying. Please verify vulnerability reports and include specific details as to which components are directly exploitable. Please also include a reproduction case.
from memcached_exporter.
alynx282
commented on June 18, 2024
Dear @SuperQ,
In case of an explicit package version declaration the fix would be changing a single digit.
Otherwise it's just rebuilding, committing, pushing and merging.
Does your reply mean that this fix would be done if and only if:
- The security breach found in code and exploit is implemented
- Reproduction documentation is present
?
The time taken for making such a research (by non security expert) is significantly more than waiting for the next project rebuild (on average).
Thank you.
from memcached_exporter.
SuperQ
commented on June 18, 2024
To add, we have dependabot to automatically update our repos. So filing individual requests to every Prometheus repo wastes both your time and ours.
from memcached_exporter.
Related Issues (20)
- what version of memcached this exporter support? HOT 1
- A server has multiple memcaches deployed, how can I start a memcached_exporter to monitor the service HOT 6
- CVEs in the base docker image HOT 1
- Does it work with "mcrouter"? HOT 8
- Hi,I had a problem with memcached-exporter HOT 1
- extstore statistics HOT 1
- Add ability to allow or disable specific metrics HOT 3
- how to get metrics about latency HOT 3
- Cut new release to clear backlog of CVEs HOT 2
- Support multi-target exporter pattern HOT 2
- Export "direct_reclaims"
- Update the golang version from 1.18 to 1.19.2 HOT 3
- Error when compiling on gearmand version 1.1.19.1 HOT 4
- Support binding to specific interface HOT 1
- 90% of stats are memcached_slab_* HOT 4
- CVE-2023-3978 HOT 1
- Does memcached exporter supports memcached 1.4.15 version? HOT 1
- make error HOT 1
- make error on rpi4 HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from memcached_exporter.