From 7ec8bd3a64d0a6cc79f33ef01797abd66c9cf43e Mon Sep 17 00:00:00 2001
From: Weston Steimel
Date: Mon, 13 Mar 2023 13:42:13 +0000
Subject: [PATCH] chore: npm async < v2 not vulnerable to CVE-2021-43138 (#56)

Per GHSA-fwr7-v2mv-hh25, versions prior to 2.0.0 are not vulnerable as the method didn't exist in prior versions. Full discussion on this one at https://github.com/github/advisory-database/pull/1771

Signed-off-by: Weston Steimel
---
.../8871617e-bda1-4fe5-b121-e52957fb538c.json | 2 +-
.../64488f39-0cda-4ba8-9915-874595acca68.json | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/labels/docker.io+anchore+test_images@sha256:f56164678054e5eb59ab838367373a49df723b324617b1ba6de775749d7f91d4/8871617e-bda1-4fe5-b121-e52957fb538c.json b/labels/docker.io+anchore+test_images@sha256:f56164678054e5eb59ab838367373a49df723b324617b1ba6de775749d7f91d4/8871617e-bda1-4fe5-b121-e52957fb538c.json
index 5adbcdce..a00b75b4 100644
--- a/labels/docker.io+anchore+test_images@sha256:f56164678054e5eb59ab838367373a49df723b324617b1ba6de775749d7f91d4/8871617e-bda1-4fe5-b121-e52957fb538c.json
+++ b/labels/docker.io+anchore+test_images@sha256:f56164678054e5eb59ab838367373a49df723b324617b1ba6de775749d7f91d4/8871617e-bda1-4fe5-b121-e52957fb538c.json
@@ -1 +1 @@
-{"ID": "8871617e-bda1-4fe5-b121-e52957fb538c", "effective_cve": "CVE-2021-43138", "image": {"exact": "docker.io/anchore/test_images@sha256:f56164678054e5eb59ab838367373a49df723b324617b1ba6de775749d7f91d4"}, "label": "TP", "package": {"name": "async", "version": "1.5.2"}, "timestamp": "2022-11-01T18:06:48+00:00", "tool": "grype@v0.51.0-7-gfcce63b", "user": "westonsteimel", "vulnerability_id": "CVE-2021-43138"}
\ No newline at end of file
+{"ID": "8871617e-bda1-4fe5-b121-e52957fb538c", "effective_cve": "CVE-2021-43138", "image": {"exact": "docker.io/anchore/test_images@sha256:f56164678054e5eb59ab838367373a49df723b324617b1ba6de775749d7f91d4"}, "label": "FP", "package": {"name": "async", "version": "1.5.2"}, "timestamp": "2022-11-01T18:06:48+00:00", "tool": "grype@v0.51.0-7-gfcce63b", "user": "westonsteimel", "vulnerability_id": "CVE-2021-43138"}
\ No newline at end of file
diff --git a/labels/docker.io+ghost@sha256:42137b9bd1faf4cdea5933279c48a912d010ef614551aeb0e44308600aa3e69f/64488f39-0cda-4ba8-9915-874595acca68.json b/labels/docker.io+ghost@sha256:42137b9bd1faf4cdea5933279c48a912d010ef614551aeb0e44308600aa3e69f/64488f39-0cda-4ba8-9915-874595acca68.json
index 3225d20c..e6f25dcb 100644
--- a/labels/docker.io+ghost@sha256:42137b9bd1faf4cdea5933279c48a912d010ef614551aeb0e44308600aa3e69f/64488f39-0cda-4ba8-9915-874595acca68.json
+++ b/labels/docker.io+ghost@sha256:42137b9bd1faf4cdea5933279c48a912d010ef614551aeb0e44308600aa3e69f/64488f39-0cda-4ba8-9915-874595acca68.json
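Review bot: Both relabelled records keep their original `timestamp`, `tool` and `user` values, so once `label` flips from `TP` to `FP` each entry still reads as a verdict reached on 2022-11-01 with the grype build named in `tool`. The actual reason, GHSA-fwr7-v2mv-hh25 stating that versions prior to 2.0.0 are not vulnerable, exists only in the commit message. These labels presumably serve as reference data for judging scanner matches, so the justification is worth carrying in the record itself. If the label schema accepts a free-text field, something like `"note": "GHSA-fwr7-v2mv-hh25: async < 2.0.0 not affected"` would do, and refreshing `timestamp` would mark when the verdict changed. The same applies to the async 0.9.2 record in the ghost image label file in the next hunk.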
@@ -1 +1 @@
-{"ID": "64488f39-0cda-4ba8-9915-874595acca68", "effective_cve": "CVE-2021-43138", "image": {"exact": "docker.io/ghost@sha256:42137b9bd1faf4cdea5933279c48a912d010ef614551aeb0e44308600aa3e69f"}, "label": "TP", "package": {"name": "async", "version": "0.9.2"}, "timestamp": "2022-11-01T21:49:28+00:00", "tool": "grype@v0.51.0", "user": "westonsteimel", "vulnerability_id": "CVE-2021-43138"}
\ No newline at end of file
+{"ID": "64488f39-0cda-4ba8-9915-874595acca68", "effective_cve": "CVE-2021-43138", "image": {"exact": "docker.io/ghost@sha256:42137b9bd1faf4cdea5933279c48a912d010ef614551aeb0e44308600aa3e69f"}, "label": "FP", "package": {"name": "async", "version": "0.9.2"}, "timestamp": "2022-11-01T21:49:28+00:00", "tool": "grype@v0.51.0", "user": "westonsteimel", "vulnerability_id": "CVE-2021-43138"}
\ No newline at end of file