Closed (sarg3nt closed 11 months ago)
It's still around, just need time to work on it 🙂.
I would encourage your team to contribute to huber as well if you are using it.
@innobead I'm sorry to say that with the lack of updates and critical vulnerabilities in the huber binary, our company will be abandoning the product. It's been ~7 months since my question above and still no new releases, no features worked on, and it still does not work behind a corporate proxy.
It's super sad as this is a cool tool.
Output of cve-bin-tool ~/.huber/bin/huber
❯ cve-bin-tool ~/.huber/bin/huber;
[14:30:15] INFO cve_bin_tool - CVE Binary Tool v3.3 cli.py:571
INFO cve_bin_tool - This product uses the NVD API but is not endorsed or certified by the NVD. cli.py:572
INFO cve_bin_tool.CVEDB - Using cached CVE data (<24h old). Use -u now to update immediately. cvedb.py:285
INFO cve_bin_tool.CVEDB - There are 370186 CVE entries in the database cvedb.py:362
INFO cve_bin_tool.CVEDB - There are 251352 CVE entries from NVD in the database cvedb.py:364
INFO cve_bin_tool.CVEDB - There are 101067 CVE entries from OSV in the database cvedb.py:364
INFO cve_bin_tool.CVEDB - There are 17767 CVE entries from REDHAT in the database cvedb.py:364
INFO cve_bin_tool - CVE database contains CVEs from National Vulnerability Database (NVD), Open Source Vulnerability Database (OSV), Gitlab Advisory Database (GAD) and RedHat cli.py:832
INFO cve_bin_tool - CVE database last updated on 22 May 2024 at 14:29:14 cli.py:835
INFO cve_bin_tool - Number of checkers: 359 cli.py:1019
INFO cve_bin_tool - Number of language checkers: 11 cli.py:1024
INFO cve_bin_tool.VersionScanner - Language Checkers: Dart, Go, Java, Javascript, Perl, Php, Python, R, Ruby, Rust, Swift version_scanner.py:138
[14:30:16] INFO cve_bin_tool.CVEScanner - 3 CVE(s) in libgit2.libgit2 version 1.5.0 cve_scanner.py:285
[14:30:17] INFO cve_bin_tool.CVEScanner - 2 CVE(s) in libssh2.libssh2 version 1.9.0 cve_scanner.py:285
INFO cve_bin_tool - Overall CVE summary: cli.py:1059
INFO cve_bin_tool - There are 2 products with known CVEs detected cli.py:1060
INFO cve_bin_tool - Known CVEs in ('libgit2.libgit2', '1.5.0'), ('libssh2.libssh2', '1.9.0'): cli.py:1071
╔══════════════════════════════╗
║ CVE BINARY TOOL version: 3.3 ║
╚══════════════════════════════╝
• Report Generated: 2024-05-22 14:30:17
• Time of last update of CVE Data: 2024-05-22 14:29:14
╭─────────────╮
│ CVE SUMMARY │
╰─────────────╯
┏━━━━━━━━━━┳━━━━━━━┓
┃ Severity ┃ Count ┃
┡━━━━━━━━━━╇━━━━━━━┩
│ CRITICAL │ 1     │
│ HIGH     │ 2     │
│ MEDIUM   │ 1     │
│ LOW      │ 0     │
│ UNKNOWN  │ 1     │
└──────────┴───────┘
╭─────────────╮
│ CPE SUMMARY │
╰─────────────╯
┏━━━━━━━━━┳━━━━━━━━━┳━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━┓
┃ Vendor  ┃ Product ┃ Version ┃ Latest Upstream Stable Version ┃ CRITICAL CVEs Count ┃ HIGH CVEs Count ┃ MEDIUM CVEs Count ┃ LOW CVEs Count ┃ UNKNOWN CVEs Count ┃ TOTAL CVEs Count ┃
┡━━━━━━━━━╇━━━━━━━━━╇━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━┩
│ libgit2 │ libgit2 │ 1.5.0   │ 1.8.1                          │ 1                   │ 1               │ 0                 │ 0              │ 1                  │ 3                │
│ libssh2 │ libssh2 │ 1.9.0   │ 1.11.0                         │ 0                   │ 1               │ 1                 │ 0              │ 0                  │ 2                │
└─────────┴─────────┴─────────┴────────────────────────────────┴─────────────────────┴─────────────────┴───────────────────┴────────────────┴────────────────────┴──────────────────┘
╭─────────────────╮
│  NewFound CVEs  │
╰─────────────────╯
┏━━━━━━━━━┳━━━━━━━━━┳━━━━━━━━━┳━━━━━━━━━━━━━━━━┳━━━━━━━━┳━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━┓
┃ Vendor  ┃ Product ┃ Version ┃ CVE Number     ┃ Source ┃ Severity ┃ Score (CVSS Version) ┃
┡━━━━━━━━━╇━━━━━━━━━╇━━━━━━━━━╇━━━━━━━━━━━━━━━━╇━━━━━━━━╇━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━┩
│ libgit2 │ libgit2 │ 1.5.0   │ CVE-2023-22742 │ OSV    │ UNKNOWN  │ unknown              │
│ libgit2 │ libgit2 │ 1.5.0   │ CVE-2024-24575 │ NVD    │ HIGH     │ 7.5 (v3)             │
│ libgit2 │ libgit2 │ 1.5.0   │ CVE-2024-24577 │ NVD    │ CRITICAL │ 9.8 (v3)             │
│ libssh2 │ libssh2 │ 1.9.0   │ CVE-2019-17498 │ NVD    │ HIGH     │ 8.1 (v3)             │
│ libssh2 │ libssh2 │ 1.9.0   │ CVE-2023-48795 │ OSV    │ MEDIUM   │ 5.9 (v3)             │
└─────────┴─────────┴─────────┴────────────────┴────────┴──────────┴──────────────────────┘
┏━━━━━━━━━┳━━━━━━━━━┳━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━┓
┃ Vendor  ┃ Product ┃ Version ┃ Root                    ┃ Filename ┃
┡━━━━━━━━━╇━━━━━━━━━╇━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━┩
│ libgit2 │ libgit2 │ 1.5.0   │ /home/vscode/.huber/bin │ huber    │
│ libssh2 │ libssh2 │ 1.9.0   │ /home/vscode/.huber/bin │ huber    │
└─────────┴─────────┴─────────┴─────────────────────────┴──────────┘
These are fairly classic signs that a project has been abandoned.
@innobead I don't mean to be a jerk, but when you build a tool like Huber, people are going to use it, build it into their pipeline and become dependent on it. We need you to be somewhat responsive on issues and requests, if not, we will abandon it and the project will die.
Or, if we love it enough, we will fork it and... your project will die. Our team has had internal discussions about forking it, looking for some input so we can make a decision.