The following trivy scan results show fixable vulnerabilities:
Total: 9 (UNKNOWN: 0, LOW: 0, MEDIUM: 6, HIGH: 3, CRITICAL: 0)

| Library | Vulnerability | Severity | Status | Installed Version | Fixed Version | Title |
|---|---|---|---|---|---|---|
| ch.qos.logback:logback-classic (logback-classic-1.2.10.jar) | CVE-2023-6378 | HIGH | fixed | 1.2.10 | 1.3.12, 1.4.12, 1.2.13 | logback: serialization vulnerability in logback receiver https://avd.aquasec.com/nvd/cve-2023-6378 |
| ch.qos.logback:logback-core (logback-core-1.2.10.jar) | CVE-2023-6378 | HIGH | fixed | 1.2.10 | 1.3.12, 1.4.12, 1.2.13 | logback: serialization vulnerability in logback receiver https://avd.aquasec.com/nvd/cve-2023-6378 |
| com.nimbusds:nimbus-jose-jwt (nimbus-jose-jwt-9.24.jar) | CVE-2023-52428 | MEDIUM | fixed | 9.24 | 9.37.2 | Denial of Service in Connect2id Nimbus JOSE+JWT https://avd.aquasec.com/nvd/cve-2023-52428 |
| io.netty:netty-codec-http (aws-msk-iam-auth.jar) | CVE-2024-29025 | MEDIUM | fixed | 4.1.100.Final | 4.1.108.Final | Netty is an asynchronous event-driven network application framework fo ... https://avd.aquasec.com/nvd/cve-2024-29025 |
| io.netty:netty-codec-http (netty-codec-http-4.1.100.Final.jar) | CVE-2024-29025 | MEDIUM | fixed | 4.1.100.Final | 4.1.108.Final | Netty is an asynchronous event-driven network application framework fo ... https://avd.aquasec.com/nvd/cve-2024-29025 |
| io.vertx:vertx-core (vertx-core-4.5.0.jar) | CVE-2024-1023 | MEDIUM | fixed | 4.5.0 | 4.5.2 | io.vertx/vertx-core: memory leak due to the use of Netty FastThreadLocal data structures... https://avd.aquasec.com/nvd/cve-2024-1023 |
| org.apache.zookeeper:zookeeper (zookeeper-3.8.3.jar) | CVE-2024-23944 | MEDIUM | fixed | 3.8.3 | 3.8.4, 3.9.2 | Information disclosure in persistent watchers handling in Apache ZooKe ... https://avd.aquasec.com/nvd/cve-2024-23944 |
| org.bitbucket.b_c:jose4j (jose4j-0.9.3.jar) | CVE-2023-51775 | MEDIUM | fixed | 0.9.3 | 0.9.4 | jose4j: denial of service (CPU consumption) via a large p2c (aka PBES2... https://avd.aquasec.com/nvd/cve-2023-51775 |
| org.xerial.snappy:snappy-java (snappy-java-1.1.10.1.jar) | CVE-2023-43642 | HIGH | fixed | 1.1.10.1 | 1.1.10.4 | snappy-java: Missing upper bound check on chunk length in snappy-java can lead... https://avd.aquasec.com/nvd/cve-2023-43642 |
Ideally these are fixed.