Open gfrankliu opened 3 years ago
When I do a

```
gem install fluent-plugin-detect-exceptions
```

the generated file gems/fluent-plugin-detect-exceptions-0.0.13/Gemfile.lock has

```
...
rake (10.5.0)
rubocop (0.42.0)
...
```
trivy scan report gives this:
```
================================================================================
Total: 2 (UNKNOWN: 0, LOW: 1, MEDIUM: 0, HIGH: 1, CRITICAL: 0)

+---------+------------------+----------+-------------------+---------------+--------------------------------------+
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |                TITLE                 |
+---------+------------------+----------+-------------------+---------------+--------------------------------------+
| rake    | CVE-2020-8130    | HIGH     | 10.5.0            | 12.3.3        | rake: OS Command Injection           |
|         |                  |          |                   |               | via egrep in Rake::FileList          |
|         |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2020-8130 |
+---------+------------------+----------+-------------------+---------------+--------------------------------------+
| rubocop | CVE-2017-8418    | LOW      | 0.42.0            | 0.49.0        | RuboCop: insecure use of /tmp        |
|         |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2017-8418 |
+---------+------------------+----------+-------------------+---------------+--------------------------------------+
```
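The check below is an added example, not code from the issue or from the fluent-plugin-detect-exceptions project. It parses the `specs:` section of a Gemfile.lock and flags any gem pinned below the fixed versions trivy reported above (rake 12.3.3 for CVE-2020-8130, rubocop 0.49.0 for CVE-2017-8418), so the same finding can be reproduced without running a scanner. The Gemfile.lock excerpt embedded in it is constructed to mirror the versions quoted in the issue; the dependency line under rubocop is made up for the parser to skip.

```ruby
# Added example: flag Gemfile.lock gems below the fixed versions from the
# trivy report in the issue. Not part of the plugin or the issue itself.
require 'rubygems'

# Fixed versions and advisory ids as reported by trivy in the issue.
FIXED_VERSIONS = {
  'rake'    => { fixed: '12.3.3', id: 'CVE-2020-8130' },
  'rubocop' => { fixed: '0.49.0', id: 'CVE-2017-8418' },
}.freeze

# Constructed Gemfile.lock excerpt using the versions quoted in the issue.
# The indented "parser" line is a made-up dependency constraint, included
# so the parser demonstrates skipping non-gem lines.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rake (10.5.0)
      rubocop (0.42.0)
        parser (>= 2.3.1.1)

  PLATFORMS
    ruby
LOCK

# Extract "name (version)" pairs from the specs section of a Gemfile.lock.
# Gems sit at a 4-space indent; deeper lines are dependency constraints
# and are skipped. A blank line or an unindented header ends the block.
def parse_lock_specs(text)
  specs = {}
  in_specs = false
  text.each_line do |line|
    if line.strip == 'specs:'
      in_specs = true
      next
    end
    in_specs = false if in_specs && (line.strip.empty? || line !~ /\A\s/)
    next unless in_specs
    if (m = line.match(/\A {4}(\S+) \(([^)]+)\)\s*\z/))
      specs[m[1]] = m[2]
    end
  end
  specs
end

# Return the gems whose locked version is older than the known fixed version,
# comparing with Gem::Version so "10.5.0" sorts below "12.3.3" numerically.
def vulnerable_gems(specs, fixed = FIXED_VERSIONS)
  specs.each_with_object([]) do |(name, version), out|
    adv = fixed[name]
    next unless adv
    if Gem::Version.new(version) < Gem::Version.new(adv[:fixed])
      out << { gem: name, installed: version, fixed: adv[:fixed], id: adv[:id] }
    end
  end
end

if $PROGRAM_NAME == __FILE__
  # Pass a real Gemfile.lock path as the first argument, or run on the sample.
  lock_text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCK
  vulnerable_gems(parse_lock_specs(lock_text)).each do |v|
    puts "#{v[:gem]} #{v[:installed]} < #{v[:fixed]} (#{v[:id]})"
  end
end
```

Run it as `ruby check_lock.rb gems/fluent-plugin-detect-exceptions-0.0.13/Gemfile.lock` to test the actual lock file; the version table only covers the two advisories named in the issue, so it is a reproduction of that specific finding rather than a general advisory database lookup.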