CVE-2021-32760 in trivy binary #1226

Closed
4x0v7 opened this issue Sep 9, 2021 · 1 comment · Fixed by #1243
Labels: kind/bug

Comments


4x0v7 commented Sep 9, 2021

Description

Failing pipeline example
https://gitlab.com/4x0v7/yamllint/-/jobs/1572999553

What did you expect to happen?

No CVEs detected

What happened instead?

CVE-2021-32760 detected in trivy binary

Output of run with -debug:

Step 3/5 : RUN wget -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin     && trivy --debug filesystem --exit-code 1 --no-progress /     && trivy --reset     && rm -rf /usr/local/bin/trivy     && rm -rf /root/.cache
 ---> Running in c751c0d62b09
aquasecurity/trivy info checking GitHub for latest tag
aquasecurity/trivy info found version: 0.19.2 for v0.19.2/Linux/64bit
aquasecurity/trivy info installed /usr/local/bin/trivy
2021-09-09T06:55:04.425Z	DEBUG	Severities: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
2021-09-09T06:55:04.436Z	DEBUG	cache dir:  /root/.cache/trivy
2021-09-09T06:55:04.437Z	DEBUG	There is no valid metadata file: unable to open a file: open /root/.cache/trivy/db/metadata.json: no such file or directory
2021-09-09T06:55:04.438Z	INFO	Need to update DB
2021-09-09T06:55:04.438Z	INFO	Downloading DB...
2021-09-09T06:55:04.439Z	DEBUG	no metadata file
2021-09-09T06:55:04.634Z	DEBUG	release name: v1-2021090906
2021-09-09T06:55:04.634Z	DEBUG	asset name: trivy-light-offline.db.tgz
2021-09-09T06:55:04.635Z	DEBUG	file name doesn't match
2021-09-09T06:55:04.635Z	DEBUG	asset name: trivy-light.db.gz
2021-09-09T06:55:04.636Z	DEBUG	file name doesn't match
2021-09-09T06:55:04.636Z	DEBUG	asset name: trivy-offline.db.tgz
2021-09-09T06:55:04.637Z	DEBUG	file name doesn't match
2021-09-09T06:55:04.637Z	DEBUG	asset name: trivy.db.gz
2021-09-09T06:55:04.653Z	DEBUG	asset URL: https://github-releases.githubusercontent.com/216830441/c41e188d-cdcf-42e3-bb3f-bf13be35ced3?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20210909%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20210909T065410Z&X-Amz-Expires=300&X-Amz-Signature=b1a55de6b122a5a22221d86fe9790aec04202ecc864b38a1f41a060f913f7d74&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=216830441&response-content-disposition=attachment%3B%20filename%3Dtrivy.db.gz&response-content-type=application%2Foctet-stream
2021-09-09T06:55:06.349Z	DEBUG	Updating database metadata...
2021-09-09T06:55:06.351Z	DEBUG	DB Schema: 1, Type: 1, UpdatedAt: 2021-09-09 06:05:22.068492507 +0000 UTC, NextUpdate: 2021-09-09 12:05:22.068492007 +0000 UTC, DownloadedAt: 2021-09-09 06:55:06.35083651 +0000 UTC
2021-09-09T06:55:06.351Z	DEBUG	Vulnerability type:  [os library]
2021-09-09T06:55:06.405Z	DEBUG	Analysis error: unable to parse usr/local/lib/python3.9/lib2to3/pgen2/token.py: failed to parse usr/local/lib/python3.9/lib2to3/pgen2/token.py: unrecognized executable format
2021-09-09T06:55:06.406Z	DEBUG	Analysis error: unable to parse usr/local/lib/python3.9/config-3.9-x86_64-linux-gnu/makesetup: failed to parse usr/local/lib/python3.9/config-3.9-x86_64-linux-gnu/makesetup: unrecognized executable format
2021-09-09T06:55:06.407Z	DEBUG	Analysis error: unable to parse usr/local/lib/python3.9/config-3.9-x86_64-linux-gnu/python-config.py: failed to parse usr/local/lib/python3.9/config-3.9-x86_64-linux-gnu/python-config.py: unrecognized executable format
2021-09-09T06:55:06.407Z	DEBUG	Analysis error: unable to parse usr/local/lib/python3.9/config-3.9-x86_64-linux-gnu/install-sh: failed to parse usr/local/lib/python3.9/config-3.9-x86_64-linux-gnu/install-sh: unrecognized executable format
2021-09-09T06:55:06.408Z	DEBUG	Analysis error: unable to parse usr/local/lib/python3.9/trace.py: failed to parse usr/local/lib/python3.9/trace.py: unrecognized executable format
2021-09-09T06:55:06.409Z	DEBUG	Analysis error: unable to parse usr/local/lib/python3.9/pdb.py: failed to parse usr/local/lib/python3.9/pdb.py: unrecognized executable format
2021-09-09T06:55:06.410Z	DEBUG	Analysis error: unable to parse usr/local/lib/python3.9/tarfile.py: failed to parse usr/local/lib/python3.9/tarfile.py: unrecognized executable format
2021-09-09T06:55:06.410Z	DEBUG	Analysis error: unable to parse etc/ssl/misc/tsget.pl: failed to parse etc/ssl/misc/tsget.pl: unrecognized executable format
2021-09-09T06:55:06.410Z	DEBUG	Analysis error: unable to parse etc/ssl/misc/CA.pl: failed to parse etc/ssl/misc/CA.pl: unrecognized executable format
2021-09-09T06:55:06.410Z	DEBUG	Analysis error: unable to parse etc/network/if-up.d/dad: failed to parse etc/network/if-up.d/dad: unrecognized executable format
2021-09-09T06:55:06.412Z	DEBUG	Analysis error: unable to parse etc/ca-certificates/update.d/certhash: failed to parse etc/ca-certificates/update.d/certhash: unrecognized executable format
2021-09-09T06:55:06.412Z	DEBUG	Analysis error: unable to parse usr/local/lib/python3.9/pydoc.py: failed to parse usr/local/lib/python3.9/pydoc.py: unrecognized executable format
2021-09-09T06:55:06.413Z	DEBUG	Analysis error: unable to parse usr/local/lib/python3.9/webbrowser.py: failed to parse usr/local/lib/python3.9/webbrowser.py: unrecognized executable format
2021-09-09T06:55:06.526Z	DEBUG	Analysis error: unable to parse usr/local/lib/python3.9/quopri.py: failed to parse usr/local/lib/python3.9/quopri.py: unrecognized executable format
2021-09-09T06:55:06.527Z	DEBUG	Analysis error: unable to parse usr/local/lib/python3.9/cProfile.py: failed to parse usr/local/lib/python3.9/cProfile.py: unrecognized executable format
2021-09-09T06:55:06.528Z	DEBUG	Analysis error: unable to parse usr/local/lib/python3.9/cgi.py: failed to parse usr/local/lib/python3.9/cgi.py: unrecognized executable format
2021-09-09T06:55:06.533Z	DEBUG	Analysis error: unable to parse usr/local/lib/python3.9/timeit.py: failed to parse usr/local/lib/python3.9/timeit.py: unrecognized executable format
2021-09-09T06:55:06.534Z	DEBUG	Analysis error: unable to parse usr/local/lib/python3.9/encodings/rot_13.py: failed to parse usr/local/lib/python3.9/encodings/rot_13.py: unrecognized executable format
2021-09-09T06:55:06.535Z	DEBUG	Analysis error: unable to parse usr/local/lib/python3.9/smtplib.py: failed to parse usr/local/lib/python3.9/smtplib.py: unrecognized executable format
2021-09-09T06:55:06.536Z	DEBUG	Analysis error: unable to parse usr/local/lib/python3.9/base64.py: failed to parse usr/local/lib/python3.9/base64.py: unrecognized executable format
2021-09-09T06:55:06.539Z	DEBUG	Analysis error: unable to parse usr/local/lib/python3.9/platform.py: failed to parse usr/local/lib/python3.9/platform.py: unrecognized executable format
2021-09-09T06:55:06.541Z	DEBUG	Analysis error: unable to parse usr/local/lib/python3.9/idlelib/pyshell.py: failed to parse usr/local/lib/python3.9/idlelib/pyshell.py: unrecognized executable format
2021-09-09T06:55:06.542Z	DEBUG	Analysis error: unable to parse usr/local/lib/python3.9/turtledemo/bytedesign.py: failed to parse usr/local/lib/python3.9/turtledemo/bytedesign.py: unrecognized executable format
2021-09-09T06:55:06.542Z	DEBUG	Analysis error: unable to parse usr/local/lib/python3.9/turtledemo/forest.py: failed to parse usr/local/lib/python3.9/turtledemo/forest.py: unrecognized executable format
2021-09-09T06:55:06.543Z	DEBUG	Analysis error: unable to parse usr/local/lib/python3.9/turtledemo/fractalcurves.py: failed to parse usr/local/lib/python3.9/turtledemo/fractalcurves.py: unrecognized executable format
2021-09-09T06:55:06.543Z	DEBUG	Analysis error: unable to parse usr/local/lib/python3.9/turtledemo/clock.py: failed to parse usr/local/lib/python3.9/turtledemo/clock.py: unrecognized executable format
2021-09-09T06:55:06.544Z	DEBUG	Analysis error: unable to parse usr/local/lib/python3.9/turtledemo/minimal_hanoi.py: failed to parse usr/local/lib/python3.9/turtledemo/minimal_hanoi.py: unrecognized executable format
2021-09-09T06:55:06.544Z	DEBUG	Analysis error: unable to parse usr/local/lib/python3.9/turtledemo/sorting_animate.py: failed to parse usr/local/lib/python3.9/turtledemo/sorting_animate.py: unrecognized executable format
2021-09-09T06:55:06.545Z	DEBUG	Analysis error: unable to parse usr/local/lib/python3.9/turtledemo/yinyang.py: failed to parse usr/local/lib/python3.9/turtledemo/yinyang.py: unrecognized executable format
2021-09-09T06:55:06.546Z	DEBUG	Analysis error: unable to parse usr/local/lib/python3.9/turtledemo/lindenmayer.py: failed to parse usr/local/lib/python3.9/turtledemo/lindenmayer.py: unrecognized executable format
2021-09-09T06:55:06.546Z	DEBUG	Analysis error: unable to parse usr/local/lib/python3.9/turtledemo/peace.py: failed to parse usr/local/lib/python3.9/turtledemo/peace.py: unrecognized executable format
2021-09-09T06:55:06.547Z	DEBUG	Analysis error: unable to parse usr/local/lib/python3.9/turtledemo/penrose.py: failed to parse usr/local/lib/python3.9/turtledemo/penrose.py: unrecognized executable format
2021-09-09T06:55:06.547Z	DEBUG	Analysis error: unable to parse usr/local/lib/python3.9/turtledemo/planet_and_moon.py: failed to parse usr/local/lib/python3.9/turtledemo/planet_and_moon.py: unrecognized executable format
2021-09-09T06:55:06.548Z	DEBUG	Analysis error: unable to parse usr/local/lib/python3.9/turtledemo/paint.py: failed to parse usr/local/lib/python3.9/turtledemo/paint.py: unrecognized executable format
2021-09-09T06:55:06.549Z	DEBUG	Analysis error: unable to parse usr/local/lib/python3.9/turtledemo/tree.py: failed to parse usr/local/lib/python3.9/turtledemo/tree.py: unrecognized executable format
2021-09-09T06:55:06.550Z	DEBUG	Analysis error: unable to parse usr/local/lib/python3.9/turtledemo/__main__.py: failed to parse usr/local/lib/python3.9/turtledemo/__main__.py: unrecognized executable format
2021-09-09T06:55:06.552Z	DEBUG	Analysis error: unable to parse usr/local/lib/python3.9/smtpd.py: failed to parse usr/local/lib/python3.9/smtpd.py: unrecognized executable format
2021-09-09T06:55:06.553Z	DEBUG	Analysis error: unable to parse usr/local/lib/python3.9/ctypes/macholib/fetch_macholib: failed to parse usr/local/lib/python3.9/ctypes/macholib/fetch_macholib: unrecognized executable format
2021-09-09T06:55:06.553Z	DEBUG	Analysis error: unable to parse usr/local/lib/python3.9/socket.py: failed to parse usr/local/lib/python3.9/socket.py: unrecognized executable format
2021-09-09T06:55:06.553Z	DEBUG	Analysis error: unable to parse usr/local/lib/python3.9/profile.py: failed to parse usr/local/lib/python3.9/profile.py: unrecognized executable format
2021-09-09T06:55:06.554Z	DEBUG	Analysis error: unable to parse usr/local/lib/python3.9/tabnanny.py: failed to parse usr/local/lib/python3.9/tabnanny.py: unrecognized executable format
2021-09-09T06:55:06.609Z	DEBUG	Analysis error: unable to parse usr/local/lib/python3.9/uu.py: failed to parse usr/local/lib/python3.9/uu.py: unrecognized executable format
2021-09-09T06:55:06.619Z	DEBUG	Analysis error: unable to parse usr/local/bin/2to3-3.9: failed to parse usr/local/bin/2to3-3.9: unrecognized executable format
2021-09-09T06:55:06.643Z	DEBUG	Analysis error: unable to parse usr/local/bin/normalizer: failed to parse usr/local/bin/normalizer: unrecognized executable format
2021-09-09T06:55:06.645Z	DEBUG	Analysis error: unable to parse usr/bin/ldd: failed to parse usr/bin/ldd: unrecognized executable format
2021-09-09T06:55:06.661Z	DEBUG	Analysis error: unable to parse usr/share/udhcpc/default.script: failed to parse usr/share/udhcpc/default.script: unrecognized executable format
2021-09-09T06:55:06.664Z	DEBUG	Analysis error: unable to parse usr/local/bin/yamllint: failed to parse usr/local/bin/yamllint: unrecognized executable format
2021-09-09T06:55:06.665Z	DEBUG	Analysis error: unable to parse usr/local/bin/wheel: failed to parse usr/local/bin/wheel: unrecognized executable format
2021-09-09T06:55:06.665Z	DEBUG	Analysis error: unable to parse usr/local/bin/pip3.9: failed to parse usr/local/bin/pip3.9: unrecognized executable format
2021-09-09T06:55:06.665Z	DEBUG	Analysis error: unable to parse usr/local/bin/pip: failed to parse usr/local/bin/pip: unrecognized executable format
2021-09-09T06:55:06.666Z	DEBUG	Analysis error: unable to parse usr/local/bin/pip3: failed to parse usr/local/bin/pip3: unrecognized executable format
2021-09-09T06:55:06.666Z	DEBUG	Analysis error: unable to parse usr/local/bin/python3.9-config: failed to parse usr/local/bin/python3.9-config: unrecognized executable format
2021-09-09T06:55:06.667Z	DEBUG	Analysis error: unable to parse usr/local/bin/idle3.9: failed to parse usr/local/bin/idle3.9: unrecognized executable format
2021-09-09T06:55:06.667Z	DEBUG	Analysis error: unable to parse usr/local/bin/pydoc3.9: failed to parse usr/local/bin/pydoc3.9: unrecognized executable format
2021-09-09T06:55:06.737Z	DEBUG	Analysis error: unable to parse .dockerenv: failed to parse .dockerenv: EOF
2021-09-09T06:55:06.757Z	DEBUG	Analysis error: unable to parse sbin/ldconfig: failed to parse sbin/ldconfig: unrecognized executable format
2021-09-09T06:55:06.808Z	INFO	Detected OS: alpine
2021-09-09T06:55:06.809Z	INFO	Detecting Alpine vulnerabilities...
2021-09-09T06:55:06.809Z	DEBUG	alpine: os version: 3.14
2021-09-09T06:55:06.810Z	DEBUG	alpine: the number of packages: 36
2021-09-09T06:55:06.811Z	INFO	Number of language-specific files: 1
2021-09-09T06:55:06.812Z	INFO	Detecting gobinary vulnerabilities...
2021-09-09T06:55:06.812Z	DEBUG	Detecting library vulnerabilities, type: gobinary, path: usr/local/bin/trivy
c751c0d62b09 (alpine 3.14.2)
============================
Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)
usr/local/bin/trivy (gobinary)
==============================
Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)
+----------------------------------+------------------+----------+-------------------+----------------+---------------------------------------+
|             LIBRARY              | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION  |                 TITLE                 |
+----------------------------------+------------------+----------+-------------------+----------------+---------------------------------------+
| github.com/containerd/containerd | CVE-2021-32760   | MEDIUM   | v1.4.4            | v1.4.8, v1.5.4 | containerd: pulling and               |
|                                  |                  |          |                   |                | extracting crafted container          |
|                                  |                  |          |                   |                | image may result in Unix file...      |
|                                  |                  |          |                   |                | -->avd.aquasec.com/nvd/cve-2021-32760 |
+----------------------------------+------------------+----------+-------------------+----------------+---------------------------------------+
The command '/bin/sh -c wget -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin     && trivy --debug filesystem --exit-code 1 --no-progress /     && trivy --reset     && rm -rf /usr/local/bin/trivy     && rm -rf /root/.cache' returned a non-zero code: 1

Output of trivy -v:

0.19.2

Additional details (base image name, container registry info...):

4x0v7 added the kind/bug label Sep 9, 2021
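
The Dockerfile step above fails because the scanner reports a CVE in its own binary, which was installed only for the duration of the scan and is deleted immediately afterwards. As an added example (not part of this issue and not trivy's own code), the script below post-filters a trivy JSON report so that findings whose target is the scanner's install path are separated from the findings that should fail the build, while still being returned so the build log can show them. It assumes the report shape trivy writes with `--format json` (a top-level list of results in 0.19.x, or an object carrying a `Results` list in later schema versions) and the install path `/usr/local/bin/trivy` used in the issue's `RUN` line; the sample report is constructed by hand from the two targets shown in the debug output.

```python
"""Post-filter a trivy JSON report: keep the build gate, but separate findings
that are reported against the scanner's own binary.

Added example, not code from this issue or from trivy. Report shape assumed:
trivy --format json emits a top-level list of results (0.19.x) or an object
carrying a "Results" list (later schema versions); both are handled.
"""
import json

SEVERITY_RANK = {"UNKNOWN": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

# Install path of the scanner in the issue's Dockerfile (assumed: -b /usr/local/bin).
SCANNER_PATHS = {"/usr/local/bin/trivy"}

# Constructed sample report, hand-written from the two targets shown in the issue:
# the Alpine OS target with no findings (trivy emits null, not []) and the gobinary
# target that carries the containerd CVE.
SAMPLE_REPORT = json.dumps([
    {"Target": "c751c0d62b09 (alpine 3.14.2)", "Type": "alpine", "Vulnerabilities": None},
    {"Target": "usr/local/bin/trivy", "Type": "gobinary", "Vulnerabilities": [
        {"VulnerabilityID": "CVE-2021-32760",
         "PkgName": "github.com/containerd/containerd",
         "InstalledVersion": "v1.4.4", "FixedVersion": "v1.4.8, v1.5.4",
         "Severity": "MEDIUM",
         "Title": "containerd: pulling and extracting crafted container image may result in Unix file..."},
    ]},
])
# Same findings wrapped in the newer object form, constructed for the schema check.
SAMPLE_REPORT_V2 = json.dumps({"SchemaVersion": 2, "Results": json.loads(SAMPLE_REPORT)})


def _norm(path):
    """Compare paths without a leading slash; trivy prints targets relative to the scan root."""
    return path.strip("/")


def load_results(report_text):
    """Return the list of per-target results from either report shape."""
    data = json.loads(report_text)
    if isinstance(data, dict):
        data = data.get("Results") or []
    if not isinstance(data, list):
        raise ValueError("unrecognised trivy report shape")
    return data


def filter_findings(report_text, skip_paths=SCANNER_PATHS, min_severity="MEDIUM"):
    """Split findings at or above min_severity into (kept, excluded).

    kept:     findings that should fail the build
    excluded: findings whose target is one of skip_paths (the scanner itself)
    Each entry is a (target, vulnerability) pair.
    """
    threshold = SEVERITY_RANK[min_severity]
    skip = {_norm(p) for p in skip_paths}
    kept, excluded = [], []
    for result in load_results(report_text):
        target = result.get("Target", "")
        for vuln in result.get("Vulnerabilities") or []:   # null -> no findings
            if SEVERITY_RANK.get(vuln.get("Severity", "UNKNOWN"), 0) < threshold:
                continue
            bucket = excluded if _norm(target) in skip else kept
            bucket.append((target, vuln))
    return kept, excluded


def exit_code(report_text, **kwargs):
    """Mirror trivy --exit-code 1: fail only on findings that were not excluded."""
    kept, _ = filter_findings(report_text, **kwargs)
    return 1 if kept else 0


if __name__ == "__main__":
    kept, excluded = filter_findings(SAMPLE_REPORT)
    for target, v in excluded:
        print(f"excluded (scanner binary) {target}: {v['VulnerabilityID']} "
              f"{v['PkgName']} {v['InstalledVersion']} -> {v['FixedVersion']}")
    for target, v in kept:
        print(f"FAIL {target}: {v['VulnerabilityID']} {v['Severity']}")
    raise SystemExit(exit_code(SAMPLE_REPORT))
```

A scan-time alternative is trivy's `--skip-files` flag, which drops the path before analysis; the post-filter is useful when the exclusion should be visible in the build log rather than applied silently. Either way, the excluded finding is a real CVE in a Go library bundled into the trivy release, so the exclusion should be revisited whenever the scanner version is bumped.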
@BenoitKnecht

The container image itself also contains vulnerabilities, some of which are critical:

$ podman run --rm ghcr.io/aquasecurity/trivy:0.19.2 fs --no-progress /
2021-09-14T06:14:57.874Z	INFO	Need to update DB
2021-09-14T06:14:57.874Z	INFO	Downloading DB...
2021-09-14T06:15:00.972Z	INFO	Detected OS: alpine
2021-09-14T06:15:00.972Z	INFO	Detecting Alpine vulnerabilities...
2021-09-14T06:15:00.976Z	INFO	Number of language-specific files: 1
2021-09-14T06:15:00.977Z	INFO	Detecting gobinary vulnerabilities...

d9c16c397247 (alpine 3.14.0)
============================
Total: 9 (UNKNOWN: 0, LOW: 1, MEDIUM: 3, HIGH: 2, CRITICAL: 3)

+--------------+------------------+----------+-------------------+---------------+---------------------------------------+
|   LIBRARY    | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |                 TITLE                 |
+--------------+------------------+----------+-------------------+---------------+---------------------------------------+
| apk-tools    | CVE-2021-36159   | CRITICAL | 2.12.5-r1         | 2.12.6-r0     | libfetch before 2021-07-26, as        |
|              |                  |          |                   |               | used in apk-tools, xbps, and          |
|              |                  |          |                   |               | other products, mishandles...         |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-36159 |
+--------------+------------------+          +-------------------+---------------+---------------------------------------+
| libcrypto1.1 | CVE-2021-3711    |          | 1.1.1k-r0         | 1.1.1l-r0     | openssl: SM2 Decryption               |
|              |                  |          |                   |               | Buffer Overflow                       |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-3711  |
+              +------------------+----------+                   +               +---------------------------------------+
|              | CVE-2021-3712    | HIGH     |                   |               | openssl: Read buffer overruns         |
|              |                  |          |                   |               | processing ASN.1 strings              |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-3712  |
+--------------+------------------+----------+-------------------+---------------+---------------------------------------+
| libcurl      | CVE-2021-22922   | MEDIUM   | 7.77.0-r1         | 7.78.0-r0     | curl: Content not matching hash       |
|              |                  |          |                   |               | in Metalink is not being discarded    |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-22922 |
+              +------------------+          +                   +               +---------------------------------------+
|              | CVE-2021-22923   |          |                   |               | curl: Metalink download               |
|              |                  |          |                   |               | sends credentials                     |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-22923 |
+              +------------------+          +                   +               +---------------------------------------+
|              | CVE-2021-22925   |          |                   |               | curl: Incorrect fix for               |
|              |                  |          |                   |               | CVE-2021-22898 TELNET                 |
|              |                  |          |                   |               | stack contents disclosure             |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-22925 |
+              +------------------+----------+                   +               +---------------------------------------+
|              | CVE-2021-22924   | LOW      |                   |               | curl: Bad connection reuse            |
|              |                  |          |                   |               | due to flawed path name checks        |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-22924 |
+--------------+------------------+----------+-------------------+---------------+---------------------------------------+
| libssl1.1    | CVE-2021-3711    | CRITICAL | 1.1.1k-r0         | 1.1.1l-r0     | openssl: SM2 Decryption               |
|              |                  |          |                   |               | Buffer Overflow                       |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-3711  |
+              +------------------+----------+                   +               +---------------------------------------+
|              | CVE-2021-3712    | HIGH     |                   |               | openssl: Read buffer overruns         |
|              |                  |          |                   |               | processing ASN.1 strings              |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-3712  |
+--------------+------------------+----------+-------------------+---------------+---------------------------------------+

usr/local/bin/trivy (gobinary)
==============================
Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)

+----------------------------------+------------------+----------+-------------------+----------------+---------------------------------------+
|             LIBRARY              | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION  |                 TITLE                 |
+----------------------------------+------------------+----------+-------------------+----------------+---------------------------------------+
| github.com/containerd/containerd | CVE-2021-32760   | MEDIUM   | v1.4.4            | v1.4.8, v1.5.4 | containerd: pulling and               |
|                                  |                  |          |                   |                | extracting crafted container          |
|                                  |                  |          |                   |                | image may result in Unix file...      |
|                                  |                  |          |                   |                | -->avd.aquasec.com/nvd/cve-2021-32760 |
+----------------------------------+------------------+----------+-------------------+----------------+---------------------------------------+

Same with ghcr.io/aquasecurity/trivy:latest.

xeaon added a commit to xeaon/trivy that referenced this issue Sep 17, 2021
Bump alpine baseimage to 3.14.2 to get rid of most of the vulnerabilities, except CVE-2021-32760 in `usr/local/bin/trivy (gobinary)` (ofc)

This fixes aquasecurity#1226

2 participants