(In reply to Camila Camargo de Matos from comment #3) > (In reply to Johannes Kastl from comment #2) > > Thanks for the report. > > > > As far as I can see, 0.192.0 uses a vulnerable version: > > > > $ grep gomarkdown go.mod > > github.com/gomarkdown/markdown v0.0.0-20230922112808-5421fefb8386 // > > indirect > > $ > > > > Upstream is still using this version. > > https://github.com/eksctl-io/eksctl/blob/main/go.mod#L216 > > > > Did anyone report this to upstream already? > > > > Kind Regards, > > Johannes > > I don't think that this has been reported in the eksctl upstream, only in > the gomarkdown/markdown upstream. See https://github.com/gomarkdown/markdown/issues/311.