Open gfrankliu opened 3 years ago
Trivy scanner reports os pulls vulnerable rake, probably due to https://github.com/rdp/os/blob/master/Gemfile.lock#L11
os
==================================================
Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0)

+---------+------------------+----------+-------------------+---------------+--------------------------------------+
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |                TITLE                 |
+---------+------------------+----------+-------------------+---------------+--------------------------------------+
| rake    | CVE-2020-8130    | HIGH     | 0.9.6             | 12.3.3        | rake: OS Command Injection           |
|         |                  |          |                   |               | via egrep in Rake::FileList          |
|         |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2020-8130 |
+---------+------------------+----------+-------------------+---------------+--------------------------------------+