Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
chore: npm async < v2 not vulnerable to CVE-2021-43138
Per GHSA-fwr7-v2mv-hh25, versions prior to 2.0.0 are not vulnerable as the method didn't exist in prior versions. Full discussion on this one at github/advisory-database#1771 Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
- Loading branch information
1 parent
a240fd6
commit 9976670
Showing
2 changed files
with
2 additions
and
2 deletions.
There are no files selected for viewing
2 changes: 1 addition & 1 deletion
2
...9ab838367373a49df723b324617b1ba6de775749d7f91d4/8871617e-bda1-4fe5-b121-e52957fb538c.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1 @@ | ||
{"ID": "8871617e-bda1-4fe5-b121-e52957fb538c", "effective_cve": "CVE-2021-43138", "image": {"exact": "docker.io/anchore/test_images@sha256:f56164678054e5eb59ab838367373a49df723b324617b1ba6de775749d7f91d4"}, "label": "TP", "package": {"name": "async", "version": "1.5.2"}, "timestamp": "2022-11-01T18:06:48+00:00", "tool": "grype@v0.51.0-7-gfcce63b", "user": "westonsteimel", "vulnerability_id": "CVE-2021-43138"} | ||
{"ID": "8871617e-bda1-4fe5-b121-e52957fb538c", "effective_cve": "CVE-2021-43138", "image": {"exact": "docker.io/anchore/test_images@sha256:f56164678054e5eb59ab838367373a49df723b324617b1ba6de775749d7f91d4"}, "label": "FP", "package": {"name": "async", "version": "1.5.2"}, "timestamp": "2022-11-01T18:06:48+00:00", "tool": "grype@v0.51.0-7-gfcce63b", "user": "westonsteimel", "vulnerability_id": "CVE-2021-43138"} |
2 changes: 1 addition & 1 deletion
2
...a5933279c48a912d010ef614551aeb0e44308600aa3e69f/64488f39-0cda-4ba8-9915-874595acca68.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1 @@ | ||
{"ID": "64488f39-0cda-4ba8-9915-874595acca68", "effective_cve": "CVE-2021-43138", "image": {"exact": "docker.io/ghost@sha256:42137b9bd1faf4cdea5933279c48a912d010ef614551aeb0e44308600aa3e69f"}, "label": "TP", "package": {"name": "async", "version": "0.9.2"}, "timestamp": "2022-11-01T21:49:28+00:00", "tool": "grype@v0.51.0", "user": "westonsteimel", "vulnerability_id": "CVE-2021-43138"} | ||
{"ID": "64488f39-0cda-4ba8-9915-874595acca68", "effective_cve": "CVE-2021-43138", "image": {"exact": "docker.io/ghost@sha256:42137b9bd1faf4cdea5933279c48a912d010ef614551aeb0e44308600aa3e69f"}, "label": "FP", "package": {"name": "async", "version": "0.9.2"}, "timestamp": "2022-11-01T21:49:28+00:00", "tool": "grype@v0.51.0", "user": "westonsteimel", "vulnerability_id": "CVE-2021-43138"} |