Open jocado opened 1 year ago
Hi,
Seems like the following modules have High level CVEs currently, as output from our trivy image scanning:
┌─────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐
│       Library       │ Vulnerability  │ Severity │         Installed Version          │           Fixed Version           │                            Title                            │
├─────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤
│ golang.org/x/crypto │ CVE-2021-43565 │ HIGH     │ v0.0.0-20210711020723-a769d52b0f97 │ 0.0.0-20211202192323-5770296d904e │ golang.org/x/crypto: empty plaintext packet causes panic    │
│                     │                │          │                                    │                                   │ https://avd.aquasec.com/nvd/cve-2021-43565                  │
│                     ├────────────────┤          │                                    ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤
│                     │ CVE-2022-27191 │          │                                    │ 0.0.0-20220314234659-1baeb1ce4c0b │ golang: crash in a golang.org/x/crypto/ssh server           │
│                     │                │          │                                    │                                   │ https://avd.aquasec.com/nvd/cve-2022-27191                  │
├─────────────────────┼────────────────┤          ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤
│ golang.org/x/net    │ CVE-2021-44716 │          │ v0.0.0-20210716203947-853a461950ff │ 0.0.0-20211209124913-491a49abca63 │ golang: net/http: limit growth of header canonicalization   │
│                     │                │          │                                    │                                   │ cache                                                       │
│                     │                │          │                                    │                                   │ https://avd.aquasec.com/nvd/cve-2021-44716                  │
│                     ├────────────────┤          │                                    ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤
│                     │ CVE-2022-27664 │          │                                    │ 0.0.0-202209061[651]              │ golang: net/http: handle server errors after sending GOAWAY │
│                     │                │          │                                    │                                   │ https://avd.aquasec.com/nvd/cve-2022-27664                  │
I can easily create an MR to bump the versions, but I don't know if it's as simple as that. If it is, I will.
Please advise.
Cheers, Just