Open andyliuliming opened 2 years ago
Trilium Version
0.51.2
What operating system are you using?
Windows
What is your setup?
Local (no sync)
Operating System Version
N/A
Description
If we use Trivy to scan the image, there are some CVEs in it.
```
==================
Total: 3 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 3, CRITICAL: 0)

+------------+------------------+----------+-------------------+----------------------------+---------------------------------------+
|  LIBRARY   | VULNERABILITY ID | SEVERITY | INSTALLED VERSION |       FIXED VERSION        |                 TITLE                 |
+------------+------------------+----------+-------------------+----------------------------+---------------------------------------+
| ansi-regex | CVE-2021-3807    | HIGH     | 3.0.0             | 3.0.1, 4.1.1, 5.0.1, 6.0.1 | nodejs-ansi-regex: Regular            |
|            |                  |          |                   |                            | expression denial of service          |
|            |                  |          |                   |                            | (ReDoS) matching ANSI escape codes    |
|            |                  |          |                   |                            | -->avd.aquasec.com/nvd/cve-2021-3807  |
+------------+------------------+          +-------------------+----------------------------+---------------------------------------+
| ejs        | CVE-2022-29078   |          | 3.1.6             | 3.1.7                      | ejs: server-side template             |
|            |                  |          |                   |                            | injection in outputFunctionName       |
|            |                  |          |                   |                            | -->avd.aquasec.com/nvd/cve-2022-29078 |
+------------+------------------+----------+-------------------+----------------------------+---------------------------------------+
```
Hi, neither of these is really relevant to Trilium's security model.
ejs will be updated to 3.1.7 in 0.52 though.