Skip to content

Commit

Permalink
chore: npm async < v2 not vulnerable to CVE-2021-43138 (#56)
Browse files Browse the repository at this point in the history 
Per GHSA-fwr7-v2mv-hh25, versions prior to 2.0.0 are not vulnerable as
the method didn't exist in prior versions.  Full discussion on this one
at github/advisory-database#1771

Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
  • Loading branch information
@westonsteimel
westonsteimel committed Mar 13, 2023
1 parent 763ca18 commit 7ec8bd3
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion ...9ab838367373a49df723b324617b1ba6de775749d7f91d4/8871617e-bda1-4fe5-b121-e52957fb538c.json
View file
@@ -1 +1 @@
{"ID": "8871617e-bda1-4fe5-b121-e52957fb538c", "effective_cve": "CVE-2021-43138", "image": {"exact": "docker.io/anchore/test_images@sha256:f56164678054e5eb59ab838367373a49df723b324617b1ba6de775749d7f91d4"}, "label": "TP", "package": {"name": "async", "version": "1.5.2"}, "timestamp": "2022-11-01T18:06:48+00:00", "tool": "grype@v0.51.0-7-gfcce63b", "user": "westonsteimel", "vulnerability_id": "CVE-2021-43138"}
{"ID": "8871617e-bda1-4fe5-b121-e52957fb538c", "effective_cve": "CVE-2021-43138", "image": {"exact": "docker.io/anchore/test_images@sha256:f56164678054e5eb59ab838367373a49df723b324617b1ba6de775749d7f91d4"}, "label": "FP", "package": {"name": "async", "version": "1.5.2"}, "timestamp": "2022-11-01T18:06:48+00:00", "tool": "grype@v0.51.0-7-gfcce63b", "user": "westonsteimel", "vulnerability_id": "CVE-2021-43138"}
2 changes: 1 addition & 1 deletion ...a5933279c48a912d010ef614551aeb0e44308600aa3e69f/64488f39-0cda-4ba8-9915-874595acca68.json
View file
@@ -1 +1 @@
{"ID": "64488f39-0cda-4ba8-9915-874595acca68", "effective_cve": "CVE-2021-43138", "image": {"exact": "docker.io/ghost@sha256:42137b9bd1faf4cdea5933279c48a912d010ef614551aeb0e44308600aa3e69f"}, "label": "TP", "package": {"name": "async", "version": "0.9.2"}, "timestamp": "2022-11-01T21:49:28+00:00", "tool": "grype@v0.51.0", "user": "westonsteimel", "vulnerability_id": "CVE-2021-43138"}
{"ID": "64488f39-0cda-4ba8-9915-874595acca68", "effective_cve": "CVE-2021-43138", "image": {"exact": "docker.io/ghost@sha256:42137b9bd1faf4cdea5933279c48a912d010ef614551aeb0e44308600aa3e69f"}, "label": "FP", "package": {"name": "async", "version": "0.9.2"}, "timestamp": "2022-11-01T21:49:28+00:00", "tool": "grype@v0.51.0", "user": "westonsteimel", "vulnerability_id": "CVE-2021-43138"}

0 comments on commit 7ec8bd3

Please sign in to comment.