github-actions[bot]
commented
5 days ago :mag: Vulnerabilities of floryn90/hugo:ext-ubuntu-ci
:package: Image Reference floryn90/hugo:ext-ubuntu-ci
| digest | sha256:d177acd5966cbc60c7c48ccae0b385c3c40421641243ab719186dc6d33493984 |
| vulnerabilities |     |
| size | 319 MB |
| packages | 838 |
:package: Base Image ubuntu:24.04
| also known as |
|
| digest | sha256:c920ba4cfca05503764b785c16b76d43c83a6df8d1ab107e7e6610000d94315c |
| vulnerabilities |     |
pkg:golang/stdlib@1.22.2
DescriptionThe various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms. | ||||||||
pkg:gem/rdoc@6.5.0 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
DescriptionAn issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing `.rdoc_options` (used for configuration in RDoc) as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be restored. When loading the documentation cache, object injection and resultant remote code execution are also possible if there were a crafted cache. We recommend to update the RDoc gem to version 6.6.3.1 or later. In order to ensure compatibility with bundled version in older Ruby series, you may update as follows instead: * For Ruby 3.0 users: Update to `rdoc` 6.3.4.1 * For Ruby 3.1 users: Update to `rdoc` 6.4.1.1 * For Ruby 3.2 users: Update to `rdoc` 6.5.1.1 You can use `gem update rdoc` to update it. If you are using bundler, please add `gem "rdoc", ">= 6.6.3.1"` to your `Gemfile`. Note: 6.3.4, 6.4.1, 6.5.1 and 6.6.3 have a incorrect fix. We recommend to upgrade 6.3.4.1, 6.4.1.1, 6.5.1.1 and 6.6.3.1 instead of them. |
stdlib 
Upgraded dependencies: