Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Security Update #41

Open
francescocapuano opened this issue Jan 16, 2023 · 0 comments
Open

Security Update #41

francescocapuano opened this issue Jan 16, 2023 · 0 comments

Comments

@francescocapuano
Copy link

Hello,
in the meantime thank you very much for the great tool.
Our container security scanning tool (Trivy) shows few security issues caused by the frep tool.
Could you update the package below?
Thank you very much in advance
Francesco

<style> </style>
Vulnerability: CVE-2020-29652
Severity: High
nvd: 7.5
redhat: 7.5
Package: golang.org/x/crypto
Current Version: v0.0.0-20190308221718-c2843e01d9a2
Fixed in Version: 0.0.0-20201216223049-8b5274cf687f
   
Vulnerability: CVE-2020-7919
Severity: High
nvd: 7.5
redhat: 7.5
Package: golang.org/x/crypto
Current Version: v0.0.0-20190308221718-c2843e01d9a2
Fixed in Version: 0.0.0-20200124225646-8b5121be2f68
   
Vulnerability: CVE-2020-9283
Severity: High
nvd: 7.5
redhat: 7.5
Package: golang.org/x/crypto
Current Version: v0.0.0-20190308221718-c2843e01d9a2
Fixed in Version: 0.0.0-20200220183623-bac4c82f6975
   
Vulnerability: CVE-2021-43565
Severity: High
nvd: 7.5
redhat: 7.5
Package: golang.org/x/crypto
Current Version: v0.0.0-20190308221718-c2843e01d9a2
Fixed in Version: 0.0.0-20211202192323-5770296d904e
   
Vulnerability: CVE-2022-27191
Severity: High
nvd: 7.5
redhat: 7.5
Package: golang.org/x/crypto
Current Version: v0.0.0-20190308221718-c2843e01d9a2
Fixed in Version: 0.0.0-20220314234659-1baeb1ce4c0b
   
Vulnerability: CVE-2020-8911
Severity: Medium
nvd: 5.6
redhat: 5.6
Package: github.com/aws/aws-sdk-go
Current Version: v1.30.29
Fixed in Version:  
   
Vulnerability: CVE-2019-11254
Severity: Medium
nvd: 6.5
redhat: 6.5
Package: github.com/go-yaml/yaml
Current Version: v2.1.0+incompatible
Fixed in Version:  
   
Vulnerability: CVE-2019-11840
Severity: Medium
nvd: 5.9
redhat: 5.9
Package: golang.org/x/crypto
Current Version: v0.0.0-20190308221718-c2843e01d9a2
Fixed in Version: 0.0.0-20190320223903-b7391e95e576
   
Vulnerability: CVE-2021-4235
Severity:  
nvd:  
redhat: github.com/go-yaml/yaml
Package:  
Current Version: v2.1.0+incompatibleNo
Fixed in Version:  
   
Vulnerability: CVE-2022-2582
Severity:  
nvd:  
redhat:  
Package: github.com/aws/aws-sdk-go
Current Version: v1.30.29
Fixed in Version:  
   
Vulnerability: CVE-2020-8912
Severity: Low
nvd: 2.5
redhat: 2.5
Package: github.com/aws/aws-sdk-go
Current Version: v1.30.29
Fixed in Version:  

Vulnerability: CVE-2020-29652
Severity: High
nvd: 7.5
redhat: 7.5
Package: golang.org/x/crypto
Current Version: v0.0.0-20190308221718-c2843e01d9a2
Fixed in Version:  0.0.0-20201216223049-8b5274cf687f

Vulnerability: CVE-2020-7919
Severity: High
nvd: 7.5
redhat: 7.5
Package: golang.org/x/crypto
Current Version: v0.0.0-20190308221718-c2843e01d9a2
Fixed in Version:  0.0.0-20200124225646-8b5121be2f68

Vulnerability: CVE-2020-9283
Severity: High
nvd: 7.5
redhat: 7.5
Package: golang.org/x/crypto
Current Version: v0.0.0-20190308221718-c2843e01d9a2
Fixed in Version:  0.0.0-20200220183623-bac4c82f6975

Vulnerability: CVE-2021-43565
Severity: High
nvd: 7.5
redhat: 7.5
Package: golang.org/x/crypto
Current Version: v0.0.0-20190308221718-c2843e01d9a2
Fixed in Version:  0.0.0-20211202192323-5770296d904e

Vulnerability: CVE-2022-27191
Severity: High
nvd: 7.5
redhat: 7.5
Package: golang.org/x/crypto
Current Version: v0.0.0-20190308221718-c2843e01d9a2
Fixed in Version:  0.0.0-20220314234659-1baeb1ce4c0b

Vulnerability: CVE-2020-8911
Severity: Medium
nvd: 5.6
redhat: 5.6
Package: github.com/aws/aws-sdk-go
Current Version: v1.30.29
Fixed in Version:

Vulnerability: CVE-2019-11254
Severity: Medium
nvd: 6.5
redhat: 6.5
Package: github.com/go-yaml/yaml
Current Version: v2.1.0+incompatible
Fixed in Version:

Vulnerability: CVE-2019-11840
Severity: Medium
nvd: 5.9
redhat: 5.9
Package: golang.org/x/crypto
Current Version: v0.0.0-20190308221718-c2843e01d9a2
Fixed in Version:  0.0.0-20190320223903-b7391e95e576

Vulnerability: CVE-2021-4235
Severity:
nvd:
redhat: github.com/go-yaml/yaml
Package:
Current Version: v2.1.0+incompatibleNo
Fixed in Version:

Vulnerability: CVE-2022-2582
Severity:
nvd:
redhat:
Package: github.com/aws/aws-sdk-go
Current Version: v1.30.29
Fixed in Version:

Vulnerability: CVE-2020-8912
Severity: Low
nvd: 2.5
redhat: 2.5
Package: github.com/aws/aws-sdk-go
Current Version: v1.30.29
Fixed in Version:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant