Closed n0vad3v closed 6 months ago
ghcr.io/webp-sh/webp_server_go (debian 12.5)
============================================
Total: 0 (HIGH: 0, CRITICAL: 0)
usr/bin/webp-server (gobinary)
==============================
Total: 1 (HIGH: 0, CRITICAL: 1)
┌─────────────────────────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────┐
│ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │
├─────────────────────────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────┤
│ github.com/gofiber/fiber/v2 │ CVE-2024-25124 │ CRITICAL │ fixed │ v2.52.0 │ 2.52.1 │ Fiber has Insecure CORS Configuration, Allowing Wildcard │
│ │ │ │ │ │ │ Origin with Credentials │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-25124 │
└─────────────────────────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────┘
Ref: https://github.com/davidbyttow/govips/releases/tag/v2.14.0