Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Resolve Vulnerabilities in University Image #2297

Closed
codyharris-h2o-ai opened this issue Mar 22, 2024 · 2 comments
Closed

Resolve Vulnerabilities in University Image #2297

codyharris-h2o-ai opened this issue Mar 22, 2024 · 2 comments
Labels
chore Chores security Related to security

Comments

@codyharris-h2o-ai
Copy link

Hello!
As part of our ongoing to ensure the security of our products, one or more vulnerabilties requiring redmediation have been identified.

The following vulnerabilities were scanned and found by using ECR. ECR scans are used in conjunction with Prisma scans to ensure we meet a high standard for software security.
We have suggestions on tooling to help improve the remediation process, following the vulnerability table below.
Note that we disregard the severity levels assigned by various tools and operate soley on CVSS to severity mapping in line with NIST guidelines.

Vulnerability Severity Image Package Description
CVE-2021-30473 critical 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 aom:1.0.0.errata1 aom_image.c in libaom in AOMedia before 2021-04-07 frees memory that is not located on the heap.
CVE-2021-30474 critical 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 aom:1.0.0.errata1 aom_dsp/grain_table.c in libaom in AOMedia before 2021-03-30 has a use-after-free.
CVE-2021-30475 critical 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 aom:1.0.0.errata1 aom_dsp/noise_model.c in libaom in AOMedia before 2021-03-24 has a buffer overflow.
CVE-2022-1253 critical 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 libde265:1.0.8 Heap-based Buffer Overflow in GitHub repository strukturag/libde265 prior to and including 1.0.8. The fix is established in comm[...]
CVE-2022-24963 critical 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 apr:1.7.0 Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to writ[...]
CVE-2023-38408 critical 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 openssh:8.4p1 The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code e[...]
CVE-2023-38545 critical 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 curl:7.74.0 This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name[...]
CVE-2020-21598 high 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 libde265:1.0.8 libde265 v1.0.4 contains a heap buffer overflow in the ff_hevc_put_unweighted_pred_8_sse function, which can be exploited via a [...]
CVE-2020-22218 high 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 libssh2:1.9.0 An issue was discovered in function _libssh2_packet_add in libssh2 1.10.0 allows attackers to access out of bounds memory.
CVE-2020-22219 high 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 flac:1.3.3 Buffer Overflow vulnerability in function bitwriter_grow_ in flac before 1.4.0 allows remote attackers to run arbitrary code via[...]
CVE-2020-29652 high 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 golang.org/x/crypto:v0.0.0-20201012173705-84dcc777aaee A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remo[...]
CVE-2020-36131 high 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 aom:1.0.0.errata1 AOM v2.0.1 was discovered to contain a stack buffer overflow via the component stats/rate_hist.c.
CVE-2020-36133 high 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 aom:1.0.0.errata1 AOM v2.0.1 was discovered to contain a global buffer overflow via the component av1/encoder/partition_search.h.
CVE-2021-20309 high 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 imagemagick:6.9.11.60+dfsg A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCo[...]
CVE-2021-33194 high 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 golang.org/x/net:v0.0.0-20200822124328-c89045814202 golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service (infinite loop) via cra[...]
CVE-2021-33631 high 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 linux:5.10.162 Integer Overflow or Wraparound vulnerability in openEuler kernel on Linux (filesystem modules) allows Forced Integer Overflow.Th[...]
CVE-2021-3610 high 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 imagemagick:6.9.11.60+dfsg A heap-based buffer overflow vulnerability was found in ImageMagick in versions prior to 7.0.11-14 in ReadTIFFImage() in coders/[...]
CVE-2021-36409 high 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 libde265:1.0.8 There is an Assertion `scaling_list_pred_matrix_id_delta==1' failed at sps.cc:925 in libde265 v1.0.8 when decoding file, which a[...]
CVE-2021-4204 high 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 linux:5.10.162 An out-of-bounds (OOB) memory access flaw was found in the Linux kernel's eBPF due to an Improper Input Validation. This flaw al[...]
CVE-2021-43565 high 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 golang.org/x/crypto:v0.0.0-20201012173705-84dcc777aaee The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH serv[...]
CVE-2022-1114 high 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 imagemagick:6.9.11.60+dfsg A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggere[...]
CVE-2022-27191 high 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 golang.org/x/crypto:v0.0.0-20201012173705-84dcc777aaee The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in cert[...]
CVE-2022-27664 high 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 golang.org/x/net:v0.0.0-20200822124328-c89045814202 In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection c[...]
CVE-2022-28463 high 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 imagemagick:6.9.11.60+dfsg ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow.
CVE-2022-29458 high 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 ncurses:6.2+20201114 ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c [...]
CVE-2022-3109 high 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 ffmpeg:4.3.5 An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks check of the return value of av_[...]
CVE-2022-32545 high 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 imagemagick:6.9.11.60+dfsg A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders[...]
CVE-2022-32546 high 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 imagemagick:6.9.11.60+dfsg A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders[...]
CVE-2022-32547 high 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 imagemagick:6.9.11.60+dfsg In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and for type 'float', whi[...]
CVE-2022-41723 high 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 golang.org/x/net:v0.0.0-20200822124328-c89045814202 A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of [...]
CVE-2022-4379 high 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 linux:5.10.162 A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allows an att[...]
CVE-2022-44617 high 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 libxpm:3.5.12 A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called[...]
CVE-2022-46285 high 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 libxpm:3.5.12 A flaw was found in libXpm. This issue occurs when parsing a file with a comment not closed; the end-of-file condition will not [...]
CVE-2022-47655 high 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 libde265:1.0.8 Libde265 1.0.9 is vulnerable to Buffer Overflow in function void put_qpel_fallback
CVE-2022-47664 high 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 libde265:1.0.8 Libde265 1.0.9 is vulnerable to Buffer Overflow in ff_hevc_put_hevc_qpel_pixels_8_sse
CVE-2022-47665 high 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 libde265:1.0.8 Libde265 1.0.9 has a heap buffer overflow vulnerability in de265_image::set_SliceAddrRS(int, int, int)
CVE-2022-4883 high 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 libxpm:3.5.12 A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and[...]
CVE-2023-0045 high 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 linux:5.10.162 The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set  functi[...]
CVE-2023-0361 high 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 gnutls28:3.7.1 A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be suffi[...]
CVE-2023-0464 high 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 openssl:1.1.1n A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certific[...]
CVE-2023-1380 high 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 linux:5.10.162 A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c[...]
CVE-2023-1999 high 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 libwebp:0.6.1 There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through[...]
CVE-2023-2156 high 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 linux:5.10.162 A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. This issue results fro[...]
CVE-2023-21930 high 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 openjdk-11:11.0.18+10 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported v[...]
CVE-2023-23946 high 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 git:2.30.2 Git, a revision control system, is vulnerable to path traversal prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7[...]
CVE-2023-2454 high 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 postgresql-13:13.9 schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an au[...]
CVE-2023-25434 high 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 tiff:4.2.0 libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesBytes() at /libtiff/tools/tiffcrop.c:3215.
CVE-2023-27103 high 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 libde265:1.0.8 Libde265 v1.0.11 was discovered to contain a heap buffer overflow via the function derive_collocated_motion_vectors at motion.cc[...]
CVE-2023-27534 high 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 curl:7.74.0 A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced w[...]
CVE-2023-29499 high 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 glib2.0:2.66.8 A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to [...]
CVE-2023-3138 high 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 libx11:1.7.2 A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that[...]
CVE-2023-34241 high 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 cups:2.3.3op2 OpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like operating systems. Starting in[...]
CVE-2023-3567 high 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 linux:5.10.162 A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow[...]
CVE-2023-39197 high 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 linux:5.10.162 An out-of-bounds read vulnerability was found in Netfilter Connection Tracking (conntrack) in the Linux kernel. This flaw allows[...]
CVE-2023-39325 high 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 golang.org/x/net:v0.7.0 v0.0.0-20200822124328-c89045814202 A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consump[...]
CVE-2023-39417 high 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 postgresql-13:13.9 IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema[...]
CVE-2023-43787 high 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 libx11:1.7.2 A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user[...]
CVE-2023-43887 high 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 libde265:1.0.8 Libde265 v1.0.12 was discovered to contain multiple buffer overflows via the num_tile_columns and num_tile_row parameters in the[...]
CVE-2023-44487 high 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 golang.org/x/net google.golang.org/grpc nghttp2:v0.0.0-20200822124328-c89045814202 v1.49.0 v0.7.0 1.43.0 The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams[...]
CVE-2023-44488 high 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 libvpx:1.9.0 VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding.
CVE-2023-47038 high 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 perl:5.32.1 A vulnerability was found in perl. This issue occurs when a crafted regular expression is compiled by perl, which can allow an a[...]
CVE-2023-4863 high 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 libwebp:0.6.1 Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform [...]
CVE-2023-4911 high 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 glibc:2.31 A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment var[...]
CVE-2023-49465 high 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 libde265:1.0.8 Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatial_luma_vector_prediction fun[...]
CVE-2023-49467 high 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 libde265:1.0.8 Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vulnerability in the derive_combined_bipredictive_merging_cand[...]
CVE-2023-49468 high 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 libde265:1.0.8 Libde265 v1.0.14 was discovered to contain a global buffer overflow vulnerability in the read_coding_unit function at slice.cc.
CVE-2023-5217 high 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 libvpx:1.9.0 Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attac[...]
CVE-2023-52425 high 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 expat:2.2.10 libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case o[...]
CVE-2023-5869 high 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 postgresql-13:13.9 A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow check[...]
CVE-2024-0553 high 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 gnutls28:3.7.1 A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the re[...]
CVE-2024-0565 high 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 linux:5.10.162 An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-compo[...]
grep: (standard input): binary file matches
CVE-2024-0567 high 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 gnutls28:3.7.1 A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. Thi[...]
CVE-2024-0743 high 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 nss:3.61 An unchecked return value in TLS handshake code could have caused a potentially exploitable crash. This vulnerability affects Fi[...]
CVE-2024-0775 high 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 linux:5.10.162 A use-after-free flaw was found in the __ext4_remount in fs/ext4/super.c in ext4 in the Linux kernel. This flaw allows a local u[...]
CVE-2024-0985 high 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 postgresql-13:13.9 Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL fu[...]
CVE-2024-20918 high 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 openjdk-11:11.0.18+10 Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (compon[...]
CVE-2024-20952 high 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 openjdk-11:11.0.18+10 Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (compon[...]
CVE-2024-24762 high 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 starlette:0.32.0.post1 python-multipart is a streaming multipart parser for Python. When using form data, python-multipart uses a Regular Expressio[...]
GHSA-m425-mq94-257g high 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/university:1.0.0 google.golang.org/grpc:v1.49.0 ### Impact In affected releases of gRPC-Go, it is possible for an attacker to send HTTP/2 requests, cancel them, and send subseq[...]

To resolve this, we recommend the following approach:

  1. Install trivy (https://aquasecurity.github.io/trivy)
  2. Scan the current version of the image using a command like trivy image --scanners vuln --severity CRITICAL,HIGH --timeout 60m [...image address...]
  3. Validate that the CVEs are detected using trivy. The provided scans were taken using a different scanner (ECR), so the first step should be to validate that trivy can see them as well.
  4. Iterate to resolve the vulnerabilities. trivy enables you to scan the image without pushing them, so it should help in finding the resolution
  5. Test and publish the fix version, and let us know where we can find the fixed image(s) so we can validate the fixes on our side as well.
@codyharris-h2o-ai codyharris-h2o-ai added security Related to security chore Chores labels Mar 22, 2024
@mturoci
Copy link
Collaborator

mturoci commented Mar 27, 2024

@codyharris-h2o-ai most of these CVEs seem to come from base docker image (OS-level deps). Go CVEs will be addressed in #2294.

As for GHSA-2jv5-9r88-3w3p, Wave only forces minimum Starlette version meaning the latest (patched) one should be installable already.

@mturoci
Copy link
Collaborator

mturoci commented Apr 2, 2024

Closed by #2302.

@mturoci mturoci closed this as completed Apr 2, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
chore Chores security Related to security
Projects
None yet
Development

No branches or pull requests

2 participants