umputun
commented
4 months ago none of this seems to be relevant for the repoxy.
however, dependabot has been added to keep dependencies up to date.
Closed rachlenko closed 4 months ago
umputun
commented
4 months ago none of this seems to be relevant for the repoxy.
however, dependabot has been added to keep dependencies up to date.
Just passed Docker image (ghcr.io/umputun/reproxy:latest 21a040ed5653 linux/amd64 ) thru scanners. Results are in. Thanks for all you've done! 😊
medium risk : CVE-2023-48795 golang.org/x/crypto ssh: Prefix truncation attack on Binary Packet Protocol (BPP) installed version: v0.15.0 Fixed version: 0.17.0 more info : https://avd.aquasec.com/nvd/cve-2023-48795
medium risk: CVE-2024-24786 google.golang.org/protobuf installed version: v1.31.0 Fixed Version: 1.33.0 more info: https://avd.aquasec.com/nvd/cve-2024-24786
medium risk: CVE-2023-48795 [Insufficient Verification of Data Authenticity] Affected range : <0.17.0 Fixed version : 0.17.0 more info: https://scout.docker.com/v/CVE-2023-48795