Closed sybnex closed 3 months ago
```
...
usr/local/bin/frankenphp (gobinary)
===================================

Total: 1 (HIGH: 1, CRITICAL: 0)

┌────────────────────────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬─────────────────────────────────────────────────────────────┐
│          Library           │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version │                            Title                            │
├────────────────────────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤
│ github.com/quic-go/quic-go │ CVE-2024-22189 │ HIGH     │ fixed  │ v0.41.0           │ 0.42.0        │ quic-go: memory exhaustion attack against QUIC's connection │
│                            │                │          │        │                   │               │ ID mechanism                                                │
│                            │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2024-22189                  │
└────────────────────────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴─────────────────────────────────────────────────────────────┘
```
It's a false positive (that will be entirely gone when we tag the next release, which is in progress).
See https://x.com/mholt6/status/1792325234470904104
What happened?
Please update relevant libraries for successful vulnerability scans. Version v1.1.5
Build Type
Docker (Alpine)
Worker Mode
Yes
Operating System
GNU/Linux
CPU Architecture
arm64
PHP configuration
Relevant log output