CVE(s) found #1934
Labels
cve
status/triage
Issue or PR that requires contributor attention.
type/bug
Issue that reports an unexpected behaviour.
Milestone
Comments
github-actions
bot
added
cve
status/triage
|
The ticket was created based on the following error: > grype --fail-on medium buildpacksio/pack:0.31.0
✔ Vulnerability DB [no update available]
✔ Loaded image buildpacksio/pack:0.31.0
✔ Parsed image sha256:ab0d837f666010c8499e2fe1c5f2a70578e1bcf5d57e5e598f41229d04a290c5
✔ Cataloged packages [101 packages]
✘ Scan for vulnerabilities [2 vulnerability matches]
├── by severity: 0 critical, 0 high, 2 medium, 0 low, 0 negligible
└── by status: 2 fixed, 0 not-fixed, 0 ignored (2 dropped)
[0000] WARN some package(s) are missing CPEs. This may result in missing vulnerabilities. You may autogenerate these using: --add-cpes-if-none
NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY
golang.org/x/net v0.15.0 0.17.0 go-module GHSA-qppj-fm5r-hxr3 Medium
golang.org/x/net v0.15.0 0.17.0 go-module GHSA-4374-p667-p6c8 MediumAfter merging PR 1932 the CVE is fixed. I built the latest main branch and run > grype out/pack
✔ Vulnerability DB [no update available]
✔ Indexed file system /Users/jbustamante/go/src/github.com/buildpacks/pack/out
✔ Cataloged packages [101 packages]
✔ Scanned for vulnerabilities [0 vulnerability matches]
├── by severity: 0 critical, 0 high, 0 medium, 0 low, 0 negligible
└── by status: 0 fixed, 0 not-fixed, 0 ignored (2 dropped) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Latest buildpacksio/pack v0.31.0 triggered CVE(s) from Grype. For further details, see: https://github.com/buildpacks/pack/actions/runs/6528155143
The text was updated successfully, but these errors were encountered: