Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[fix] Resolve Vulnerable packages #1486

Merged
merged 1 commit into from
Dec 16, 2022

Conversation

rahulchheda
Copy link
Contributor

Signed-off-by: Rahul M Chheda rahul.chheda@accurics.com

@rahulchheda rahulchheda requested review from a team and bkizer-tenable as code owners December 13, 2022 13:29
@rahulchheda
Copy link
Contributor Author

✗ High severity vulnerability found in golang.org/x/net/http2
  Description: Denial of Service
  Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-3028257
  Introduced through: golang.org/x/net/http2@v0.0.0-20220722155237-a158d28d115b
  From: golang.org/x/net/http2@v0.0.0-20220722155237-a158d28d115b
  Fixed in: 0.0.0-20220906165146-f3363e06e74c, 1.18.6, 1.19.1

✗ High severity vulnerability found in golang.org/x/net/http2
  Description: Denial of Service (DoS)
  Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-3160322
  Introduced through: golang.org/x/net/http2@v0.0.0-20220722155237-a158d28d115b
  From: golang.org/x/net/http2@v0.0.0-20220722155237-a158d28d115b
  Fixed in: 0.4.0

✗ High severity vulnerability found in golang.org/x/crypto/ssh
  Description: Denial of Service (DoS)
  Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXCRYPTOSSH-3026972
  Introduced through: golang.org/x/crypto/ssh@v0.0.0-20210921155107-089bfa567519
  From: golang.org/x/crypto/ssh@v0.0.0-20210921155107-089bfa567519
  Fixed in: 0.0.0-20211202192323-5770296d904e

✗ High severity vulnerability found in github.com/open-policy-agent/opa/ast
  Description: Denial of Service (DoS)
  Info: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMOPENPOLICYAGENTOPAAST-2840626
  Introduced through: github.com/open-policy-agent/opa/ast@v0.22.0
  From: github.com/open-policy-agent/opa/ast@v0.22.0
  Fixed in: 0.40.0

✗ High severity vulnerability found in github.com/hashicorp/go-getter
  Description: Command Injection
  Info: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMHASHICORPGOGETTER-2421223
  Introduced through: github.com/hashicorp/go-getter@v1.5.11
  From: github.com/hashicorp/go-getter@v1.5.11
  Fixed in: 1.6.1, 2.1.0

✗ High severity vulnerability found in github.com/hashicorp/go-getter
  Description: Privilege Escalation
  Info: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMHASHICORPGOGETTER-2847924
  Introduced through: github.com/hashicorp/go-getter@v1.5.11
  From: github.com/hashicorp/go-getter@v1.5.11
  Fixed in: 1.6.1, 2.1.0

✗ High severity vulnerability found in github.com/hashicorp/go-getter
  Description: Privilege Escalation
  Info: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMHASHICORPGOGETTER-2847925
  Introduced through: github.com/hashicorp/go-getter@v1.5.11
  From: github.com/hashicorp/go-getter@v1.5.11
  Fixed in: 1.6.1, 2.1.0

✗ High severity vulnerability found in github.com/hashicorp/go-getter
  Description: Privilege Escalation
  Info: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMHASHICORPGOGETTER-2847926
  Introduced through: github.com/hashicorp/go-getter@v1.5.11
  From: github.com/hashicorp/go-getter@v1.5.11
  Fixed in: 1.6.1, 2.1.0

will resolve these vulns

@rahulchheda rahulchheda force-pushed the fix/vulns-pkgs0upgrade branch from d76213e to 7dd9bc5 Compare December 15, 2022 18:10
Signed-off-by: Rahul M Chheda <rahul.chheda@accurics.com>
@rahulchheda rahulchheda force-pushed the fix/vulns-pkgs0upgrade branch from 7dd9bc5 to a0a9789 Compare December 15, 2022 18:13
@sonarcloud
Copy link

sonarcloud bot commented Dec 15, 2022

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
No Duplication information No Duplication information

@Rchanger Rchanger merged commit 48f78e3 into tenable:master Dec 16, 2022
@rahulchheda rahulchheda deleted the fix/vulns-pkgs0upgrade branch December 16, 2022 07:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants