Skip to main content

CVE-2024-45338

CVE-2024-45338

Issue in golang/x/net:0.20.0

FALSE POSITIVE

Rundeck and Runbook Automation are not vulnerable to this CVE.

CVE-2024-45338 reports an issue in golang.org/x/net:0.20.0, but our usage of it through the remco dependency is not affected. This vulnerability primarily impacts servers processing real-time data, causing potential denial of service (DoS). Since remco is a CLI tool and not a server, it does not face the same risks. The maintainer of remco also confirms this in the commit message for the version we are currently using.

As there have been no updates from the maintainer addressing this CVE, we are unable to upgrade and resolve it at this time. For now, suppressing the warning while continuing to monitor for updates is the recommended approach.