Hello, gosec has reported a debug tool is enabled that sounds dangerous:

google-osconfig-agent-20200625.00/main.go:42] - G108 (CWE-200): Profiling 
endpoint is automatically exposed on /debug/pprof (Confidence: HIGH, Severity: 
HIGH)
    41:
  > 42:         _ "net/http/pprof"
    43:


Is this correct? Is this intentional?

Thanks

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1891934

Title:
  [MIR] google-osconfig-agent

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/google-osconfig-agent/+bug/1891934/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to