According to trivy, sapcc/mosquitto-exporter has some vulnerabilities in Go libraries:
┌─────────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬──────────────────────────────────────────────────────────────┐
│ Library                             │ Vulnerability  │ Severity │ Installed Version                  │ Fixed Version                     │ Title                                                        │
├─────────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ github.com/prometheus/client_golang │ CVE-2022-21698 │ HIGH     │ v1.11.0                            │ 1.11.1                            │ prometheus/client_golang: Denial of service using            │
│                                     │                │          │                                    │                                   │ InstrumentHandlerCounter                                     │
│                                     │                │          │                                    │                                   │ https://avd.aquasec.com/nvd/cve-2022-21698                   │
├─────────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ golang.org/x/net                    │ CVE-2021-33194 │ HIGH     │ v0.0.0-20200625001655-4c5254603344 │ 0.0.0-20210520170846-37e1c6afe023 │ golang: x/net/html: infinite loop in ParseFragment           │
│                                     │                │          │                                    │                                   │ https://avd.aquasec.com/nvd/cve-2021-33194                   │
├─────────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ golang.org/x/net                    │ CVE-2021-44716 │ HIGH     │ v0.0.0-20200625001655-4c5254603344 │ 0.0.0-20211209124913-491a49abca63 │ golang: net/http: limit growth of header canonicalization    │
│                                     │                │          │                                    │                                   │ cache                                                        │
│                                     │                │          │                                    │                                   │ https://avd.aquasec.com/nvd/cve-2021-44716                   │
│                                     ├────────────────┼──────────┤                                    ├───────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│                                     │ CVE-2021-31525 │ MEDIUM   │                                    │ 0.0.0-20210428140749-89ef3d95e781 │ golang: net/http: panic in ReadRequest and ReadResponse when │
│                                     │                │          │                                    │                                   │ reading a very large...                                      │
│                                     │                │          │                                    │                                   │ https://avd.aquasec.com/nvd/cve-2021-31525                   │
├─────────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ golang.org/x/sys                    │ CVE-2022-29526 │ MEDIUM   │ v0.0.0-20210603081109-ebe580a85c40 │ 0.0.0-20220412211240-33da011f77ad │ golang: syscall: faccessat checks wrong group                │
│                                     │                │          │                                    │                                   │ https://avd.aquasec.com/nvd/cve-2022-29526                   │
└─────────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴──────────────────────────────────────────────────────────────┘
Way to reproduce:
trivy image sapcc/mosquitto-exporter
2022-07-29T12:45:33.719+0200 INFO Need to update DB
2022-07-29T12:45:33.719+0200 INFO DB Repository: ghcr.io/aquasecurity/trivy-db
2022-07-29T12:45:33.719+0200 INFO Downloading DB...
33.27 MiB / 33.27 MiB [------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------] 100.00% 24.07 MiB p/s 1.6s
2022-07-29T12:45:36.525+0200 INFO Vulnerability scanning is enabled
2022-07-29T12:45:36.525+0200 INFO Secret scanning is enabled
2022-07-29T12:45:36.525+0200 INFO If your scanning is slow, please try '--security-checks vuln' to disable secret scanning
2022-07-29T12:45:36.525+0200 INFO Please see also https://aquasecurity.github.io/trivy/v0.29.2/docs/secret/scanning/#recommendation for faster secret detection
2022-07-29T12:45:38.557+0200 INFO Number of language-specific files: 1
2022-07-29T12:45:38.557+0200 INFO Detecting gobinary vulnerabilities...
Hello,
Trivy can be found here: https://github.com/aquasecurity/trivy
Can someone update the Go libraries?
Thanks!