Closed deepakkinni closed 1 year ago
Update dependencies to resolve to CVEs
dkinni@dkinniCMD6R astrolabe % trivy fs . 2023-02-22T16:41:03.401-0800 INFO Vulnerability scanning is enabled 2023-02-22T16:41:03.402-0800 INFO Secret scanning is enabled 2023-02-22T16:41:03.402-0800 INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning 2023-02-22T16:41:03.402-0800 INFO Please see also https://aquasecurity.github.io/trivy/v0.37/docs/secret/scanning/#recommendation for faster secret detection 2023-02-22T16:41:04.074-0800 INFO Number of language-specific files: 1 2023-02-22T16:41:04.075-0800 INFO Detecting gomod vulnerabilities... go.mod (gomod) Total: 2 (UNKNOWN: 0, LOW: 1, MEDIUM: 1, HIGH: 0, CRITICAL: 0) ┌───────────────────────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ │ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ ├───────────────────────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ │ github.com/aws/aws-sdk-go │ CVE-2020-8911 │ MEDIUM │ 1.42.10 │ │ aws/aws-sdk-go: CBC padding oracle issue in AWS S3 Crypto │ │ │ │ │ │ │ SDK for golang... │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2020-8911 │ │ ├───────────────┼──────────┤ ├───────────────┼────────────────────────────────────────────────────────────┤ │ │ CVE-2020-8912 │ LOW │ │ │ aws-sdk-go: In-band key negotiation issue in AWS S3 Crypto │ │ │ │ │ │ │ SDK for golang... │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2020-8912 │ └───────────────────────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘
Update dependencies to resolve to CVEs