CVE-2023-24538/CVE-2023-24540 - stdlib

[herman-aka-wouter]

package is build with stdlib 1.19.1 which has critical Vulnerabilities.

Fixed in Go >=1.19.9 and >=1.20.4.

anyway we can get an update?

[herman-aka-wouter]

@mblaschke

[lasdou]

+1

#18

[pimmesz]

Still an issue!!!

[pooley182]

adding CVE-2025-22871 and CVE-2025-22874 to this list of vulns that need fixing.
Requires upgrade to >=1.24.4

[pooley182]

I have forked this project and bumped all dependencies to clear all outstanding CVEs for the old version of go/stdlib.
https://github.com/pooley182/go-replace/releases/tag/22.10.1