Closed jdreesen closed 3 months ago
I installed v0.7.0 and checked the resulting image with aquasec/trivy:0.50.1 which found the following:
```
usr/local/bin/dockerize (gobinary)
==================================
Total: 1 (HIGH: 1, CRITICAL: 0)

┌──────────────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐
│     Library      │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version │                            Title                             │
├──────────────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ golang.org/x/net │ CVE-2023-39325 │ HIGH     │ fixed  │ v0.10.0           │ 0.17.0        │ golang: net/http, x/net/http2: rapid stream resets can cause │
│                  │                │          │        │                   │               │ excessive work (CVE-2023-44487)                              │
│                  │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2023-39325                   │
└──────────────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘
```
Update to v0.8.0