zadam / trilium

Build your personal knowledge base with Trilium Notes
GNU Affero General Public License v3.0

(Bug report) there's some cve in the images #2838

Open andyliuliming opened 2 years ago

andyliuliming commented 2 years ago

Trilium Version

0.51.2

What operating system are you using?

Windows

What is your setup?

Local (no sync)

Operating System Version

N/A

Description

If we use Trivy to scan the image, there are some CVEs in it.

================== Total: 3 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 3, CRITICAL: 0)

+------------+------------------+----------+-------------------+----------------------------+---------------------------------------+
| LIBRARY    | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION              | TITLE                                 |
+------------+------------------+----------+-------------------+----------------------------+---------------------------------------+
| ansi-regex | CVE-2021-3807    | HIGH     | 3.0.0             | 3.0.1, 4.1.1, 5.0.1, 6.0.1 | nodejs-ansi-regex: Regular            |
|            |                  |          |                   |                            | expression denial of service          |
|            |                  |          |                   |                            | (ReDoS) matching ANSI escape codes    |
|            |                  |          |                   |                            | -->avd.aquasec.com/nvd/cve-2021-3807  |
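The table above is Trivy's human-readable output; the same scan can be emitted as JSON with `trivy image --format json`, which is easier to triage in bulk. The following Node script is an added example (not code from the Trilium project or from this issue): it reads a Trivy-style report, keeps findings at or above a chosen severity, and turns the comma-separated "FIXED VERSION" field into a single actionable upgrade target, preferring a fix on the installed major line (here 3.0.0 to 3.0.1) so the bump stays within the existing semver contract. The report object is constructed by hand to mirror the one finding shown in the issue; the second finding is a placeholder with no listed fix, added only to show the unfixed path, and is not a real Trilium result.

```javascript
// Added example: triage a Trivy JSON report (constructed here, not a real scan
// of the Trilium image). Field names follow Trivy's JSON schema
// (Results[].Vulnerabilities[].{VulnerabilityID,PkgName,InstalledVersion,
// FixedVersion,Severity,Title,PrimaryURL}).
const constructedReport = {
  Results: [
    {
      Target: "Node.js",
      Type: "node-pkg",
      Vulnerabilities: [
        {
          VulnerabilityID: "CVE-2021-3807",
          PkgName: "ansi-regex",
          InstalledVersion: "3.0.0",
          FixedVersion: "3.0.1, 4.1.1, 5.0.1, 6.0.1",
          Severity: "HIGH",
          Title: "nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes",
          PrimaryURL: "https://avd.aquasec.com/nvd/cve-2021-3807",
        },
        {
          // Constructed placeholder finding with no upstream fix listed.
          VulnerabilityID: "CVE-0000-0000",
          PkgName: "placeholder-pkg",
          InstalledVersion: "1.2.3",
          FixedVersion: "",
          Severity: "HIGH",
          Title: "placeholder finding (constructed)",
        },
      ],
    },
  ],
};

const SEVERITY_RANK = { UNKNOWN: 0, LOW: 1, MEDIUM: 2, HIGH: 3, CRITICAL: 4 };

// "3.0.1" -> [3, 0, 1]; tolerates a leading "v" and a pre-release/build suffix.
function parseVersion(v) {
  const core = String(v).trim().replace(/^v/, "").split(/[-+]/)[0];
  const parts = core.split(".").map((p) => parseInt(p, 10));
  while (parts.length < 3) parts.push(0);
  return parts.map((n) => (Number.isNaN(n) ? 0 : n));
}

function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Trivy lists every fixed release line in one comma-separated field. Pick the
// smallest listed fix that is newer than the installed version, preferring the
// same major; null when no listed fix is an upgrade.
function pickUpgrade(installed, fixedVersionField) {
  const candidates = (fixedVersionField || "")
    .split(",")
    .map((s) => s.trim())
    .filter((s) => s.length > 0 && compareVersions(s, installed) > 0)
    .sort(compareVersions);
  if (candidates.length === 0) return null;
  const major = parseVersion(installed)[0];
  const sameMajor = candidates.find((c) => parseVersion(c)[0] === major);
  return sameMajor || candidates[0];
}

// Flatten the report into triage rows at or above minSeverity, highest
// severity first and fixable findings before unfixed ones.
function triage(report, minSeverity = "HIGH") {
  const floor = SEVERITY_RANK[minSeverity] ?? 0;
  const rows = [];
  for (const result of report.Results || []) {
    for (const v of result.Vulnerabilities || []) {
      if ((SEVERITY_RANK[v.Severity] ?? 0) < floor) continue;
      const upgrade = pickUpgrade(v.InstalledVersion, v.FixedVersion);
      rows.push({
        target: result.Target,
        id: v.VulnerabilityID,
        pkg: v.PkgName,
        severity: v.Severity,
        installed: v.InstalledVersion,
        upgrade,
        actionable: upgrade !== null,
      });
    }
  }
  rows.sort(
    (a, b) =>
      SEVERITY_RANK[b.severity] - SEVERITY_RANK[a.severity] ||
      Number(b.actionable) - Number(a.actionable)
  );
  return rows;
}

function summarize(rows) {
  const fixable = rows.filter((r) => r.actionable).length;
  return { total: rows.length, fixable, unfixed: rows.length - fixable };
}

// Stand-alone run: print the triage for the constructed report.
if (typeof require !== "undefined" && require.main === module) {
  const rows = triage(constructedReport);
  for (const r of rows) {
    console.log(`${r.severity} ${r.id} ${r.pkg}@${r.installed} -> ${r.upgrade ?? "no fix listed"}`);
  }
  console.log(summarize(rows));
}
```

Run it with `node triage.js` against the embedded sample, or replace `constructedReport` with `JSON.parse(fs.readFileSync(...))` over a real `trivy image --format json` report. Note that a listed fix does not by itself say whether the finding matters: for a ReDoS in a terminal-colour helper the question is whether untrusted input ever reaches that regex, which is the "security model" judgement the maintainer makes in the next comment, and which no scanner output answers on its own.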

zadam commented 2 years ago

Hi, neither of these are really relevant to Trilium's security model.

ejs will be updated to 3.1.7 in 0.52 though.