buildpacks / pack

CLI for building apps using Cloud Native Buildpacks
https://buildpacks.io
Apache License 2.0

CVE(s) found #2247

Closed github-actions[bot] closed 1 month ago

github-actions[bot] commented 2 months ago

Latest buildpacksio/pack v0.35.1 triggered CVE(s) from Grype. For further details, see: https://github.com/buildpacks/pack/actions/runs/10344879230

natalieparellano commented 2 months ago

The scan found 4 CVEs; the first two are false positives and should be addressed by https://github.com/buildpacks/pack/pull/2250.

The second two (CVE-2024-41110, GHSA-v23v-6jw2-98fq) appear to be the same vulnerability and are non-impactful as pack uses only the docker client library. We can probably silence these with a dependency bump, so I didn't add it to the ignore file.
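For readers unfamiliar with Grype's ignore mechanism mentioned above: the thread's preferred route for the CVE-2024-41110 / GHSA-v23v-6jw2-98fq pair was a dependency bump rather than an ignore entry. The snippet below is an added illustration, not a file from the pack repository, of what a narrowly scoped ignore rule would look like if a suppression were needed instead (for example while no fixed version is available). It assumes the file is `.grype.yaml` at the repository root, which Grype reads by default, and that the finding is attributed to the Go module `github.com/docker/docker`; both are assumptions, not facts stated in the issue.

```yaml
# .grype.yaml (assumed location: repository root; Grype loads it automatically)
# Added example, not part of the pack repository.
ignore:
  # CVE-2024-41110 and GHSA-v23v-6jw2-98fq describe the same issue. Scoping each
  # rule to the one package keeps the suppression from hiding an unrelated future
  # finding with the same ID reported against a different artifact.
  - vulnerability: CVE-2024-41110
    package:
      name: github.com/docker/docker   # assumed module name for the docker client library
      type: go-module
  - vulnerability: GHSA-v23v-6jw2-98fq
    package:
      name: github.com/docker/docker   # assumed module name
      type: go-module
```

Grype ignore rules carry no free-text "reason" field, so the justification lives in YAML comments; keep it there so a later reader can tell a deliberate suppression ("client library only, server-side code path not present") from a forgotten one, and revisit the entry once the dependency bump in the pull request above lands.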

jjbustamante commented 1 month ago

@natalieparellano I think this one will be solved with https://github.com/buildpacks/pack/pull/2246