Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[trivy] Vulnerability Alert #2

Open
github-actions bot opened this issue Oct 16, 2023 · 0 comments
Open

[trivy] Vulnerability Alert #2

github-actions bot opened this issue Oct 16, 2023 · 0 comments

Comments

@github-actions
Copy link

zozo-gatling-operator:6655dc141d131bf143c60c0481cb00f1f70501f0 (debian 11.8)

debian

No vulnerabilities found

manager

gobinary

Title Severity CVE Package Name Installed Version Fixed Version References
Authorization Bypass Through User-Controlled Key 🔴CRITICAL CVE-2022-1996 github.com/emicklei/go-restful v2.9.5+incompatible 2.16.0 - https://access.redhat.com/security/cve/CVE-2022-1996
- https://github.com/emicklei/go-restful
- emicklei/go-restful@9266625
- emicklei/go-restful@f292eff
- emicklei/go-restful@fd3c327
- emicklei/go-restful#489
- https://huntr.dev/bounties/be837427-415c-4d8c-808b-62ce20aa84f1
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/575BLJ3Y2EQBRNTFR2OSQQ6L2W6UCST3/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OBDD3Q23RCGAGHIXUCWBU6N3S4RNAKXB/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SO5QC2JFW2PXBWAE27OYYYL5SPFUBHTY/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W56PP46JVZEKCANBKXFKRVSBBRRMCY6V/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZGQKWD6SE75PFBPFVSZYAKAVXKBZXKWS/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/
- https://nvd.nist.gov/vuln/detail/CVE-2022-1996
- https://pkg.go.dev/vuln/GO-2022-0619
- https://security.netapp.com/advisory/ntap-20220923-0005/
- https://www.cve.org/CVERecord?id=CVE-2022-1996
crash in a golang.org/x/crypto/ssh server 🟠HIGH CVE-2022-27191 golang.org/x/crypto v0.0.0-20220214200702-86341886e292 0.0.0-20220314234659-1baeb1ce4c0b - https://access.redhat.com/errata/RHSA-2022:8008
- https://access.redhat.com/security/cve/CVE-2022-27191
- https://bugzilla.redhat.com/1939485
- https://bugzilla.redhat.com/1989564
- https://bugzilla.redhat.com/1989570
- https://bugzilla.redhat.com/1989575
- https://bugzilla.redhat.com/2064702
- https://bugzilla.redhat.com/2121445
- https://bugzilla.redhat.com/2121453
- https://cs.opensource.google/go/x/crypto
- https://errata.almalinux.org/9/ALSA-2022-8008.html
- https://go.dev/cl/392355
- https://go.googlesource.com/crypto/+/1baeb1ce4c0b006eff0f294c47cb7617598dfb3d
- https://groups.google.com/g/golang-announce
- https://groups.google.com/g/golang-announce/c/-cp44ypCT5s
- https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ
- https://linux.oracle.com/cve/CVE-2022-27191.html
- https://linux.oracle.com/errata/ELSA-2022-8008.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZ3S7LB65N54HXXBCB67P4TTOHTNPP5O/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HHGBEGJ54DZZGTXFUQNS7ZIG3E624YAF/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QTFOIDHQRGNI4P6LYN6ILH5G443RYYKB/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YHYRQB7TRMHDB3NEHW5XBRG7PPMUTPGV/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFUNHFHQVJSADNH7EZ3B53CYDZVEEPBP/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQNPPQWSTP2IX7SHE6TS4SP4EVMI5EZK/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/
- https://nvd.nist.gov/vuln/detail/CVE-2022-27191
- https://pkg.go.dev/vuln/GO-2021-0356
- https://raw.githubusercontent.com/golang/vulndb/df2d3d326300e2ae768f00351ffa96cc2c56cf54/reports/GO-2021-0356.yaml
- https://security.netapp.com/advisory/ntap-20220429-0002/
- https://www.cve.org/CVERecord?id=CVE-2022-27191
handle server errors after sending GOAWAY 🟠HIGH CVE-2022-27664 golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd 0.0.0-20220906165146-f3363e06e74c - https://access.redhat.com/errata/RHSA-2023:2357
- https://access.redhat.com/security/cve/CVE-2022-27664
- https://bugzilla.redhat.com/2107371
- https://bugzilla.redhat.com/2107374
- https://bugzilla.redhat.com/2107383
- https://bugzilla.redhat.com/2107386
- https://bugzilla.redhat.com/2107388
- https://bugzilla.redhat.com/2113814
- https://bugzilla.redhat.com/2124669
- https://bugzilla.redhat.com/2132868
- https://bugzilla.redhat.com/2132872
- https://bugzilla.redhat.com/2161274
- https://bugzilla.redhat.com/show_bug.cgi?id=1913333
- https://bugzilla.redhat.com/show_bug.cgi?id=1913338
- https://bugzilla.redhat.com/show_bug.cgi?id=2107371
- https://bugzilla.redhat.com/show_bug.cgi?id=2107374
- https://bugzilla.redhat.com/show_bug.cgi?id=2107383
- https://bugzilla.redhat.com/show_bug.cgi?id=2107386
- https://bugzilla.redhat.com/show_bug.cgi?id=2107388
- https://bugzilla.redhat.com/show_bug.cgi?id=2113814
- https://bugzilla.redhat.com/show_bug.cgi?id=2124669
- https://cs.opensource.google/go/x/net
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28851
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28852
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27664
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32189
- https://errata.almalinux.org/9/ALSA-2023-2357.html
- https://errata.rockylinux.org/RLSA-2022:7129
- golang/go@5bc9106 (go1.18.6)
- golang/go@9cfe4e2 (go1.19.1)
- golang/go#54658
- https://go.dev/cl/428735
- https://go.dev/issue/54658
- https://groups.google.com/g/golang-announce
- https://groups.google.com/g/golang-announce/c/x49AQzIVX-s
- https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ
- https://linux.oracle.com/cve/CVE-2022-27664.html
- https://linux.oracle.com/errata/ELSA-2023-2802.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/
- https://nvd.nist.gov/vuln/detail/CVE-2022-27664
- https://pkg.go.dev/vuln/GO-2022-0969
- https://security.gentoo.org/glsa/202209-26
- https://security.netapp.com/advisory/ntap-20220923-0004/
- https://ubuntu.com/security/notices/USN-6038-1
- https://www.cve.org/CVERecord?id=CVE-2022-27664
avoid quadratic complexity in HPACK decoding 🟠HIGH CVE-2022-41723 golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd 0.7.0 - https://access.redhat.com/security/cve/CVE-2022-41723
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723
- GHSA-vvpx-j8f3-3w6h
- https://go.dev/cl/468135
- https://go.dev/cl/468295
- https://go.dev/issue/57855
- https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/
- https://nvd.nist.gov/vuln/detail/CVE-2022-41723
- https://pkg.go.dev/vuln/GO-2023-1571
- https://vuln.go.dev/ID/GO-2023-1571.json
- https://www.cve.org/CVERecord?id=CVE-2022-41723
ParseAcceptLanguage takes a long time to parse complex tags 🟠HIGH CVE-2022-32149 golang.org/x/text v0.3.7 0.3.8 - https://access.redhat.com/security/cve/CVE-2022-32149
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32149
- golang/go#56152
- https://github.com/golang/text
- golang/text@434eadc
- golang/text@434eadc (v0.3.8)
- https://go.dev/cl/442235
- https://go.dev/issue/56152
- https://groups.google.com/g/golang-announce/c/-hjNw559_tE/m/KlGTfid5CAAJ
- https://groups.google.com/g/golang-dev/c/qfPIly0X7aU
- https://nvd.nist.gov/vuln/detail/CVE-2022-32149
- https://pkg.go.dev/vuln/GO-2022-1059
- https://ubuntu.com/security/notices/USN-5873-1
- https://www.cve.org/CVERecord?id=CVE-2022-32149
crash when attempting to deserialize invalid input 🟠HIGH CVE-2022-28948 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b 3.0.0-20220521103104-8f96da9f5d5e - https://access.redhat.com/security/cve/CVE-2022-28948
- GHSA-hp87-p4gw-j4gq
- https://github.com/go-yaml/yaml
- go-yaml/yaml@8f96da9
- go-yaml/yaml#666
- https://nvd.nist.gov/vuln/detail/CVE-2022-28948
- https://security.netapp.com/advisory/ntap-20220923-0006/
- https://www.cve.org/CVERecord?id=CVE-2022-28948
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

0 participants