Vulnerability update in gcr.io/atomist-container-skills/owasp-dependency-check-skill (unstable)

atomist[bot] commented 2 years ago

Vulnerabilities

Following vulnerability change detected in image gcr.io/atomist-container-skills/owasp-dependency-check-skill set as unstable:

New vulnerability

CVE	Severity	CVSS	Packages	Fix	Line
Image `gcr.io/atomist-container-skills/owasp-dependency-check-skill`
CVE-2021-42740	critical	`9.8`	`shell-quote` _1.7.2		42

Details

_{Commit 5ebed053fe3cb367aa6890996ad183771a7fb129

Image gcr.io/atomist-container-skills/owasp-dependency-check-skill

Tag 5ebed053fe3cb367aa6890996ad183771a7fb129

Digest sha256:6b016dbf07f461164d5d44296a420194415011cb873bfe113613be66a8ef72ed

Scanned October 31, 2021, 12:01 AM UTC

unstable set October 7, 2021, 6:18 PM UTC}

atomist[bot] commented 2 years ago

Vulnerabilities

Following vulnerability change detected in image gcr.io/atomist-container-skills/owasp-dependency-check-skill set as unstable:

New vulnerability

CVE	Severity	CVSS	Packages	Fix	Line
Image `gcr.io/atomist-container-skills/owasp-dependency-check-skill`
CVE-2021-28831	high	`7.5`	`busybox` _{1.31.1-r20 > 1.32.1-r4}	`x`	13

Details

_{Commit 5ebed053fe3cb367aa6890996ad183771a7fb129

Image gcr.io/atomist-container-skills/owasp-dependency-check-skill

Tag 5ebed053fe3cb367aa6890996ad183771a7fb129

Digest sha256:6b016dbf07f461164d5d44296a420194415011cb873bfe113613be66a8ef72ed

Scanned November 14, 2021, 12:03 AM UTC

unstable set October 7, 2021, 6:18 PM UTC}

atomist[bot] commented 2 years ago

Vulnerabilities

Following vulnerability changes detected in image gcr.io/atomist-container-skills/owasp-dependency-check-skill set as unstable:

Vulnerability updates

CVE	Severity	CVSS	Packages	Fix	Line
Image `gcr.io/atomist-container-skills/owasp-dependency-check-skill`
CVE-2021-42386	~~severity_unspecified~~ > high	~~`n/a`~~ > `7.2`	`busybox` _{1.31.1-r20 > 1.31.1-r21}	`x`	13
CVE-2021-42385	~~severity_unspecified~~ > high	~~`n/a`~~ > `7.2`	`busybox` _{1.31.1-r20 > 1.31.1-r21}	`x`	13
CVE-2021-42384	~~severity_unspecified~~ > high	~~`n/a`~~ > `7.2`	`busybox` _{1.31.1-r20 > 1.31.1-r21}	`x`	13
CVE-2021-42383	~~severity_unspecified~~ > high	~~`n/a`~~ > `7.2`	`busybox` _{1.31.1-r20 > 1.31.1-r21}	`x`	13
CVE-2021-42382	~~severity_unspecified~~ > high	~~`n/a`~~ > `7.2`	`busybox` _{1.31.1-r20 > 1.31.1-r21}	`x`	13
CVE-2021-42381	~~severity_unspecified~~ > high	~~`n/a`~~ > `7.2`	`busybox` _{1.31.1-r20 > 1.31.1-r21}	`x`	13
CVE-2021-42380	~~severity_unspecified~~ > high	~~`n/a`~~ > `7.2`	`busybox` _{1.31.1-r20 > 1.31.1-r21}	`x`	13
CVE-2021-42379	~~severity_unspecified~~ > high	~~`n/a`~~ > `7.2`	`busybox` _{1.31.1-r20 > 1.31.1-r21}	`x`	13
CVE-2021-42378	~~severity_unspecified~~ > high	~~`n/a`~~ > `7.2`	`busybox` _{1.31.1-r20 > 1.31.1-r21}	`x`	13

Details

_{Commit 5ebed053fe3cb367aa6890996ad183771a7fb129

Image gcr.io/atomist-container-skills/owasp-dependency-check-skill

Tag 5ebed053fe3cb367aa6890996ad183771a7fb129

Digest sha256:6b016dbf07f461164d5d44296a420194415011cb873bfe113613be66a8ef72ed

Scanned November 18, 2021, 12:05 AM UTC

unstable set October 7, 2021, 6:18 PM UTC}

atomist[bot] commented 2 years ago

Vulnerabilities

Following vulnerability changes detected in image gcr.io/atomist-container-skills/owasp-dependency-check-skill set as unstable:

Vulnerability updates

CVE	Severity	CVSS	Packages	Fix	Line
Image `gcr.io/atomist-container-skills/owasp-dependency-check-skill`
CVE-2021-42374	~~severity_unspecified~~ > critical	~~`n/a`~~ > `9.1`	`busybox` _{1.31.1-r20 > 1.31.1-r21}	`x`	13
CVE-2021-42375	~~severity_unspecified~~ > high	~~`n/a`~~ > `7.5`	`busybox` _{1.31.1-r20 > 1.31.1-r21}	`x`	13

Details

_{Commit 5ebed053fe3cb367aa6890996ad183771a7fb129

Image gcr.io/atomist-container-skills/owasp-dependency-check-skill

Tag 5ebed053fe3cb367aa6890996ad183771a7fb129

Digest sha256:6b016dbf07f461164d5d44296a420194415011cb873bfe113613be66a8ef72ed

Scanned November 19, 2021, 12:10 AM UTC

unstable set October 7, 2021, 6:18 PM UTC}

atomist[bot] commented 2 years ago

Vulnerabilities

Following vulnerability change detected in image gcr.io/atomist-container-skills/owasp-dependency-check-skill set as unstable:

New vulnerability

CVE	Severity	CVSS	Packages	Fix	Line

Details

_{Commit 5ebed053fe3cb367aa6890996ad183771a7fb129

Image gcr.io/atomist-container-skills/owasp-dependency-check-skill

Tag 5ebed053fe3cb367aa6890996ad183771a7fb129

Digest sha256:6b016dbf07f461164d5d44296a420194415011cb873bfe113613be66a8ef72ed

Scanned November 26, 2021, 12:45 AM UTC

unstable set October 7, 2021, 6:18 PM UTC}

atomist[bot] commented 2 years ago

Vulnerabilities

Following vulnerability change detected in image gcr.io/atomist-container-skills/owasp-dependency-check-skill set as unstable:

New vulnerability

CVE	Severity	CVSS	Packages	Fix	Line
Base image `owasp/dependency-check:latest`
CVE-2021-3918	critical	`9.8`	`json-schema` _{0.2.3 > 0.4.0}	`x`	2

Details

_{Commit 5ebed053fe3cb367aa6890996ad183771a7fb129

Image gcr.io/atomist-container-skills/owasp-dependency-check-skill

Tag 5ebed053fe3cb367aa6890996ad183771a7fb129

Digest sha256:6b016dbf07f461164d5d44296a420194415011cb873bfe113613be66a8ef72ed

Scanned December 1, 2021, 1:10 AM UTC

unstable set October 7, 2021, 6:18 PM UTC}

atomist[bot] commented 2 years ago

Vulnerabilities

Following vulnerability change detected in image gcr.io/atomist-container-skills/owasp-dependency-check-skill set as unstable:

New vulnerability

CVE	Severity	CVSS	Packages	Fix	Line
Base image `owasp/dependency-check:latest`
CVE-2021-39537	high	`8.8`	`ncurses` _{6.2_p20200523-r0 > 6.2_p20200523-r1}	`x`	2

Details

_{Commit 5ebed053fe3cb367aa6890996ad183771a7fb129

Image gcr.io/atomist-container-skills/owasp-dependency-check-skill

Tag 5ebed053fe3cb367aa6890996ad183771a7fb129

Digest sha256:6b016dbf07f461164d5d44296a420194415011cb873bfe113613be66a8ef72ed

Scanned December 10, 2021, 1:55 AM UTC

unstable set October 7, 2021, 6:18 PM UTC}

atomist[bot] commented 2 years ago

Vulnerabilities

Following vulnerability change detected in image gcr.io/atomist-container-skills/owasp-dependency-check-skill set as unstable:

Vulnerability update

CVE	Severity	CVSS	Packages	Fix	Line
Base image `owasp/dependency-check:latest`
CVE-2021-43809	~~medium~~ > high	~~`6.7`~~ > `7.3`	`bundler` _{2.2.26 > 2.2.33}	`x`	2

Details

_{Commit 5ebed053fe3cb367aa6890996ad183771a7fb129

Image gcr.io/atomist-container-skills/owasp-dependency-check-skill

Tag 5ebed053fe3cb367aa6890996ad183771a7fb129

Digest sha256:6b016dbf07f461164d5d44296a420194415011cb873bfe113613be66a8ef72ed

Scanned December 15, 2021, 2:25 AM UTC

unstable set October 7, 2021, 6:18 PM UTC}

atomist[bot] commented 2 years ago

Vulnerabilities

Following vulnerability change detected in image gcr.io/atomist-container-skills/owasp-dependency-check-skill set as unstable:

New vulnerability

CVE	Severity	CVSS	Packages	Fix	Line
Base image `owasp/dependency-check:latest`
CVE-2021-23463	critical	`9.1`	`h2` _1.4.199		2

Details

_{Commit c8851b2315d51df01d28c232e919925dfda71e1c

Image gcr.io/atomist-container-skills/owasp-dependency-check-skill

Tag c8851b2315d51df01d28c232e919925dfda71e1c

Digest sha256:a9feac355df335c096d0ce9b7bd2d39f97e474b7be3bfa283b0e17bcaefd09f2

Scanned December 16, 2021, 2:20 PM UTC

unstable set December 15, 2021, 2:18 PM UTC}

atomist[bot] commented 2 years ago

Vulnerabilities

Following vulnerability change detected in image gcr.io/atomist-container-skills/owasp-dependency-check-skill set as unstable:

New vulnerability

CVE	Severity	CVSS	Packages	Fix	Line
Base image `owasp/dependency-check:latest`
GHSA-h376-j262-vhq6	critical	`n/a`	`h2` _{1.4.199 > 2.0.206}	`x`	2

Details

_{Commit 70a208e9662833a35a6e192c67f99e7f363b8059

Image gcr.io/atomist-container-skills/owasp-dependency-check-skill

Tag 70a208e9662833a35a6e192c67f99e7f363b8059

Digest sha256:960f1ba5dd894d8f8fc0eab460b76f134e1b987bcd16187a5d427fa33b57d624

Scanned January 7, 2022, 11:00 PM UTC

unstable set January 3, 2022, 10:41 PM UTC}

atomist[bot] commented 2 years ago

Vulnerabilities

Following vulnerability changes detected in image gcr.io/atomist-container-skills/owasp-dependency-check-skill set as unstable:

New vulnerabilities

CVE	Severity	CVSS	Packages	Fix	Line
Image `gcr.io/atomist-container-skills/owasp-dependency-check-skill`
GHSA-wrvw-hg22-4m67	high	`n/a`	`protobuf-java` _{3.11.4 > 3.16.1}	`x`	47
CVE-2021-22569	high	`n/a`	`protobuf-java` _{3.11.4 > 3.19.2, 3.18.2, 3.16.1}	`x`	47

Details

_{Commit 70a208e9662833a35a6e192c67f99e7f363b8059

Image gcr.io/atomist-container-skills/owasp-dependency-check-skill

Tag 70a208e9662833a35a6e192c67f99e7f363b8059

Digest sha256:960f1ba5dd894d8f8fc0eab460b76f134e1b987bcd16187a5d427fa33b57d624

Scanned January 8, 2022, 11:04 PM UTC

unstable set January 3, 2022, 10:41 PM UTC}

atomist[bot] commented 2 years ago

Vulnerabilities

Following vulnerability change detected in image gcr.io/atomist-container-skills/owasp-dependency-check-skill set as unstable:

New vulnerability

CVE	Severity	CVSS	Packages	Fix	Line
Base image `owasp/dependency-check:latest`
CVE-2021-42392	critical	`n/a`	`h2` _{1.4.199 > 2.0.206}	`x`	2

Details

_{Commit 70a208e9662833a35a6e192c67f99e7f363b8059

Image gcr.io/atomist-container-skills/owasp-dependency-check-skill

Tag 70a208e9662833a35a6e192c67f99e7f363b8059

Digest sha256:960f1ba5dd894d8f8fc0eab460b76f134e1b987bcd16187a5d427fa33b57d624

Scanned January 13, 2022, 3:10 PM UTC

unstable set January 3, 2022, 10:41 PM UTC}

atomist[bot] commented 2 years ago

Vulnerabilities

Following vulnerability changes detected in image gcr.io/atomist-container-skills/owasp-dependency-check-skill set as unstable:

New vulnerabilities

CVE	Severity	CVSS	Packages	Fix	Line

Details

_{Commit 70a208e9662833a35a6e192c67f99e7f363b8059

Image gcr.io/atomist-container-skills/owasp-dependency-check-skill

Tag 70a208e9662833a35a6e192c67f99e7f363b8059

Digest sha256:960f1ba5dd894d8f8fc0eab460b76f134e1b987bcd16187a5d427fa33b57d624

Scanned January 17, 2022, 3:25 PM UTC

unstable set January 3, 2022, 10:41 PM UTC}

atomist[bot] commented 2 years ago

Vulnerabilities

Following vulnerability changes detected in image gcr.io/atomist-container-skills/owasp-dependency-check-skill set as unstable:

New vulnerabilities

CVE	Severity	CVSS	Packages	Fix	Line
Base image `owasp/dependency-check:latest`
CVE-2022-22824	critical	`9.8`	`expat` _{2.4.1-r0 > 2.4.3-r0}	`x`	2
CVE-2022-22823	critical	`9.8`	`expat` _{2.4.1-r0 > 2.4.3-r0}	`x`	2
CVE-2022-22822	critical	`9.8`	`expat` _{2.4.1-r0 > 2.4.3-r0}	`x`	2
CVE-2022-22827	high	`8.8`	`expat` _{2.4.1-r0 > 2.4.3-r0}	`x`	2
CVE-2022-22826	high	`8.8`	`expat` _{2.4.1-r0 > 2.4.3-r0}	`x`	2
CVE-2022-22825	high	`8.8`	`expat` _{2.4.1-r0 > 2.4.3-r0}	`x`	2

Details

_{Commit 70a208e9662833a35a6e192c67f99e7f363b8059

Image gcr.io/atomist-container-skills/owasp-dependency-check-skill

Tag 70a208e9662833a35a6e192c67f99e7f363b8059

Digest sha256:960f1ba5dd894d8f8fc0eab460b76f134e1b987bcd16187a5d427fa33b57d624

Scanned January 18, 2022, 3:30 PM UTC

unstable set January 3, 2022, 10:41 PM UTC}

atomist[bot] commented 2 years ago

Vulnerabilities

Following vulnerability changes detected in image gcr.io/atomist-container-skills/owasp-dependency-check-skill set as unstable:

New vulnerabilities

CVE	Severity	CVSS	Packages	Fix	Line
Base image `owasp/dependency-check:latest`
CVE-2022-23221	critical	`n/a`	`h2` _{1.4.199 > 2.1.210}	`x`	2
CVE-2021-41819	high	`7.5`	`cgi` _{0.1.0.1 > 0.3.1}	`x`	2

Details

_{Commit 70a208e9662833a35a6e192c67f99e7f363b8059

Image gcr.io/atomist-container-skills/owasp-dependency-check-skill

Tag 70a208e9662833a35a6e192c67f99e7f363b8059

Digest sha256:960f1ba5dd894d8f8fc0eab460b76f134e1b987bcd16187a5d427fa33b57d624

Scanned January 22, 2022, 3:55 PM UTC

unstable set January 3, 2022, 10:41 PM UTC}

atomist[bot] commented 2 years ago

Vulnerabilities

Following vulnerability changes detected in image gcr.io/atomist-container-skills/owasp-dependency-check-skill set as unstable:

New vulnerabilities

CVE	Severity	CVSS	Packages	Fix	Line
Base image `owasp/dependency-check:latest`
CVE-2022-23990	critical	`9.8`	`expat` _{2.4.1-r0 > 2.4.4-r0}	`x`	2
CVE-2022-23852	critical	`9.8`	`expat` _{2.4.1-r0 > 2.4.4-r0}	`x`	2
Image `gcr.io/atomist-container-skills/owasp-dependency-check-skill`
CVE-2021-22570	high	`7.5`	`protobuf-java` _3.11.4		47

Details

_{Commit 70a208e9662833a35a6e192c67f99e7f363b8059

Image gcr.io/atomist-container-skills/owasp-dependency-check-skill

Tag 70a208e9662833a35a6e192c67f99e7f363b8059

Digest sha256:960f1ba5dd894d8f8fc0eab460b76f134e1b987bcd16187a5d427fa33b57d624

Scanned February 4, 2022, 6:45 PM UTC

unstable set January 3, 2022, 10:41 PM UTC}

atomist[bot] commented 2 years ago

Vulnerabilities

Following vulnerability change detected in image gcr.io/atomist-container-skills/owasp-dependency-check-skill set as unstable:

New vulnerability

CVE	Severity	CVSS	Packages	Fix	Line
Base image `owasp/dependency-check:latest`
CVE-2022-21724	high	`n/a`	`postgresql` _{42.2.19 > 42.3.2, 42.2.25}	`x`	2

Details

_{Commit 70a208e9662833a35a6e192c67f99e7f363b8059

Image gcr.io/atomist-container-skills/owasp-dependency-check-skill

Tag 70a208e9662833a35a6e192c67f99e7f363b8059

Digest sha256:960f1ba5dd894d8f8fc0eab460b76f134e1b987bcd16187a5d427fa33b57d624

Scanned February 5, 2022, 6:50 PM UTC

unstable set January 3, 2022, 10:41 PM UTC}

atomist[bot] commented 2 years ago

Vulnerabilities

Following vulnerability change detected in image gcr.io/atomist-container-skills/owasp-dependency-check-skill set as unstable:

Vulnerability update

CVE	Severity	CVSS	Packages	Fix	Line
Base image `owasp/dependency-check:latest`
CVE-2022-21724	~~high~~ > critical	~~`n/a`~~ > `9.8`	`postgresql` _{42.2.19 > 42.3.2, 42.2.25}	`x`	2

Details

_{Commit 70a208e9662833a35a6e192c67f99e7f363b8059

Image gcr.io/atomist-container-skills/owasp-dependency-check-skill

Tag 70a208e9662833a35a6e192c67f99e7f363b8059

Digest sha256:960f1ba5dd894d8f8fc0eab460b76f134e1b987bcd16187a5d427fa33b57d624

Scanned February 8, 2022, 7:11 PM UTC

unstable set January 3, 2022, 10:41 PM UTC}

atomist[bot] commented 2 years ago

Vulnerabilities

Following vulnerability changes detected in image gcr.io/atomist-container-skills/owasp-dependency-check-skill set as unstable:

New vulnerabilities

CVE	Severity	CVSS	Packages	Fix	Line
Base image `owasp/dependency-check:latest`
CVE-2021-44533	high	`n/a`	`nodejs` _{14.18.1-r0 > 14.19.0-r0}	`x`	2
CVE-2021-44532	high	`n/a`	`nodejs` _{14.18.1-r0 > 14.19.0-r0}	`x`	2
CVE-2021-44531	high	`n/a`	`nodejs` _{14.18.1-r0 > 14.19.0-r0}	`x`	2

Details

_{Commit 70a208e9662833a35a6e192c67f99e7f363b8059

Image gcr.io/atomist-container-skills/owasp-dependency-check-skill

Tag 70a208e9662833a35a6e192c67f99e7f363b8059

Digest sha256:960f1ba5dd894d8f8fc0eab460b76f134e1b987bcd16187a5d427fa33b57d624

Scanned February 10, 2022, 11:30 AM UTC

unstable set January 3, 2022, 10:41 PM UTC}

atomist[bot] commented 2 years ago

Vulnerabilities

Following vulnerability change detected in image gcr.io/atomist-container-skills/owasp-dependency-check-skill set as unstable:

Vulnerability update

CVE	Severity	CVSS	Packages	Fix	Line
Base image `owasp/dependency-check:latest`
CVE-2021-41816	~~severity_unspecified~~ > critical	~~`n/a`~~ > `9.8`	`cgi` _{0.1.0.1 > 0.1.1}	`x`	2

Details

_{Commit 70a208e9662833a35a6e192c67f99e7f363b8059

Image gcr.io/atomist-container-skills/owasp-dependency-check-skill

Tag 70a208e9662833a35a6e192c67f99e7f363b8059

Digest sha256:960f1ba5dd894d8f8fc0eab460b76f134e1b987bcd16187a5d427fa33b57d624

Scanned February 16, 2022, 12:21 PM UTC

unstable set January 3, 2022, 10:41 PM UTC}

atomist[bot] commented 2 years ago

Thanks for your contribution!

This issue has been automatically marked with stale because it has not had any activity in last 50 days. It will be closed in 7 days if no further activity occurs. To prevent closing, label with defer or blocked or any of the changelog: labels.

atomist-skills / owasp-dependency-check-skill