Closed danielcibrao-form3 closed 2 years ago
By checking the code there were some security vulnerabilities present in the net-tools binary such as:
```
usr/local/bin/nats-top
======================
Total: 4 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 4, CRITICAL: 0)

+-----------------------------------+------------------+----------+-------------------+-------------------------------------+---------------------------------------+
|              LIBRARY              | VULNERABILITY ID | SEVERITY | INSTALLED VERSION |            FIXED VERSION            |                 TITLE                 |
+-----------------------------------+------------------+----------+-------------------+-------------------------------------+---------------------------------------+
| github.com/nats-io/jwt            | CVE-2021-3127    | HIGH     | v1.1.0            | 1.2.3-0.20210314221642-a826c77dc9d2 | nats-server: mishandling              |
|                                   |                  |          |                   |                                     | Import Token bindings may lead        |
|                                   |                  |          |                   |                                     | to Incorrect Access Control           |
|                                   |                  |          |                   |                                     | -->avd.aquasec.com/nvd/cve-2021-3127  |
+-----------------------------------+------------------+          +-------------------+-------------------------------------+---------------------------------------+
| github.com/nats-io/nats-server/v2 | CVE-2020-28466   |          | v2.1.9            | v2.2.0                              | Denial of service                     |
|                                   |                  |          |                   |                                     | -->avd.aquasec.com/nvd/cve-2020-28466 |
+                                   +------------------+          +                   +                                     +---------------------------------------+
|                                   | CVE-2021-3127    |          |                   |                                     | nats-server: mishandling              |
|                                   |                  |          |                   |                                     | Import Token bindings may lead        |
|                                   |                  |          |                   |                                     | to Incorrect Access Control           |
|                                   |                  |          |                   |                                     | -->avd.aquasec.com/nvd/cve-2021-3127  |
+                                   +------------------+          +                   +-------------------------------------+---------------------------------------+
|                                   | CVE-2022-24450   |          |                   | 2.7.2                               | nats-server: misusing the             |
|                                   |                  |          |                   |                                     | "dynamically provisioned              |
|                                   |                  |          |                   |                                     | sandbox accounts" feature             |
|                                   |                  |          |                   |                                     | authenticated user can...             |
|                                   |                  |          |                   |                                     | -->avd.aquasec.com/nvd/cve-2022-24450 |
+-----------------------------------+------------------+----------+-------------------+-------------------------------------+---------------------------------------+
```
These results come from Trivy from the nats-box image. Upgrading the packages fixed inner dependencies and these crypto and sys packages were upgraded to the latest version.