forked from argoproj/argo-cd
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[Bot] Update Snyk reports (argoproj#11114)
Signed-off-by: CI <[email protected]> Signed-off-by: CI <[email protected]> Co-authored-by: CI <[email protected]>
- Loading branch information
1 parent
776d8f9
commit a765c14
Showing
37 changed files
with
1,312 additions
and
93 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -7,7 +7,7 @@ | |
| <meta name="viewport" content="width=device-width, initial-scale=1.0"> | ||
| <meta http-equiv="X-UA-Compatible" content="IE=edge"> | ||
| <title>Snyk test report</title> | ||
| <meta name="description" content="13 known vulnerabilities found in 83 vulnerable dependency paths."> | ||
| <meta name="description" content="14 known vulnerabilities found in 84 vulnerable dependency paths."> | ||
| <base target="_blank"> | ||
| <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png" | ||
| sizes="194x194"> | ||
|
|
@@ -456,7 +456,7 @@ | |
| <div class="header-wrap"> | ||
| <h1 class="project__header__title">Snyk test report</h1> | ||
|
|
||
| <p class="timestamp">October 23rd 2022, 12:42:50 am</p> | ||
| <p class="timestamp">October 30th 2022, 12:19:54 am</p> | ||
| </div> | ||
| <div class="source-panel"> | ||
| <span>Scanned the following path:</span> | ||
|
|
@@ -466,8 +466,8 @@ <h1 class="project__header__title">Snyk test report</h1> | |
| </div> | ||
|
|
||
| <div class="meta-counts"> | ||
| <div class="meta-count"><span>13</span> <span>known vulnerabilities</span></div> | ||
| <div class="meta-count"><span>83 vulnerable dependency paths</span></div> | ||
| <div class="meta-count"><span>14</span> <span>known vulnerabilities</span></div> | ||
| <div class="meta-count"><span>84 vulnerable dependency paths</span></div> | ||
| <div class="meta-count"><span>162</span> <span>dependencies</span></div> | ||
| </div><!-- .meta-counts --> | ||
| </div><!-- .layout-container--short --> | ||
|
|
@@ -485,6 +485,78 @@ <h1 class="project__header__title">Snyk test report</h1> | |
| </section> | ||
| <div class="layout-container" style="padding-top: 35px;"> | ||
| <div class="cards--vuln filter--patch filter--ignore"> | ||
| <div class="card card--vuln disclosure--not-new severity--medium" data-snyk-test="medium"> | ||
| <h2 class="card__title">Improper Validation of Array Index</h2> | ||
| <div class="card__section"> | ||
|
|
||
| <div class="label label--medium"> | ||
| <span class="label__text">medium severity</span> | ||
| </div> | ||
|
|
||
| <hr/> | ||
|
|
||
| <ul class="card__meta"> | ||
| <li class="card__meta__item"> | ||
| Package Manager: ubuntu:22.04 | ||
| </li> | ||
| <li class="card__meta__item"> | ||
| Vulnerable module: | ||
|
|
||
| sqlite3/libsqlite3-0 | ||
| </li> | ||
|
|
||
| <li class="card__meta__item">Introduced through: | ||
|
|
||
|
|
||
| docker-image|quay.io/argoproj/argocd@latest, gnupg2/[email protected] and others | ||
| </li> | ||
| </ul> | ||
|
|
||
| <hr/> | ||
|
|
||
|
|
||
| <h3 class="card__section__title">Detailed paths</h3> | ||
|
|
||
| <ul class="card__meta__paths"> | ||
| <li> | ||
| <span class="list-paths__item__introduced"><em>Introduced through</em>: | ||
| docker-image|quay.io/argoproj/argocd@latest | ||
| <span class="list-paths__item__arrow">›</span> | ||
| gnupg2/[email protected] | ||
| <span class="list-paths__item__arrow">›</span> | ||
| sqlite3/[email protected] | ||
|
|
||
| </span> | ||
|
|
||
| </li> | ||
| </ul><!-- .list-paths --> | ||
|
|
||
| </div><!-- .card__section --> | ||
|
|
||
| <hr/> | ||
| <!-- Overview --> | ||
| <h2 id="nvd-description">NVD Description</h2> | ||
| <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>sqlite3</code> package.</em></p> | ||
| <p>SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.</p> | ||
| <h2 id="remediation">Remediation</h2> | ||
| <p>There is no fixed version for <code>Ubuntu:22.04</code> <code>sqlite3</code>.</p> | ||
| <h2 id="references">References</h2> | ||
| <ul> | ||
| <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-35737">ADVISORY</a></li> | ||
| <li><a href="https://kb.cert.org/vuls/id/720344">MISC</a></li> | ||
| <li><a href="https://www.sqlite.org/cves.html">MISC</a></li> | ||
| <li><a href="https://sqlite.org/releaselog/3_39_2.html">CONFIRM</a></li> | ||
| <li><a href="https://security.netapp.com/advisory/ntap-20220915-0009/">CONFIRM</a></li> | ||
| <li><a href="https://blog.trailofbits.com/2022/10/25/sqlite-vulnerability-july-2022-library-api/">MISC</a></li> | ||
| </ul> | ||
|
|
||
| <hr/> | ||
|
|
||
| <div class="cta card__cta"> | ||
| <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2204-SQLITE3-2961525">More about this vulnerability</a></p> | ||
| </div> | ||
|
|
||
| </div><!-- .card --> | ||
| <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> | ||
| <h2 class="card__title">Time-of-check Time-of-use (TOCTOU)</h2> | ||
| <div class="card__section"> | ||
|
|
@@ -571,11 +643,11 @@ <h2 id="remediation">Remediation</h2> | |
| <p>There is no fixed version for <code>Ubuntu:22.04</code> <code>shadow</code>.</p> | ||
| <h2 id="references">References</h2> | ||
| <ul> | ||
| <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2013-4235">ADVISORY</a></li> | ||
| <li><a href="https://security-tracker.debian.org/tracker/CVE-2013-4235">Debian Security Tracker</a></li> | ||
| <li><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E">MLIST</a></li> | ||
| <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4235">RedHat Bugzilla Bug</a></li> | ||
| <li><a href="https://access.redhat.com/security/cve/cve-2013-4235">RedHat CVE Database</a></li> | ||
| <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2013-4235">Ubuntu CVE Tracker</a></li> | ||
| </ul> | ||
|
|
||
| <hr/> | ||
|
|
@@ -651,12 +723,12 @@ <h2 id="remediation">Remediation</h2> | |
| <p>There is no fixed version for <code>Ubuntu:22.04</code> <code>pcre3</code>.</p> | ||
| <h2 id="references">References</h2> | ||
| <ul> | ||
| <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-11164">ADVISORY</a></li> | ||
| <li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11164">CVE Details</a></li> | ||
| <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-11164">Debian Security Tracker</a></li> | ||
| <li><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E">MLIST</a></li> | ||
| <li><a href="http://openwall.com/lists/oss-security/2017/07/11/3">OSS security Advisory</a></li> | ||
| <li><a href="http://www.securityfocus.com/bid/99575">Security Focus</a></li> | ||
| <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-11164">Ubuntu CVE Tracker</a></li> | ||
| </ul> | ||
|
|
||
| <hr/> | ||
|
|
@@ -787,13 +859,13 @@ <h2 id="remediation">Remediation</h2> | |
| <p>There is no fixed version for <code>Ubuntu:22.04</code> <code>patch</code>.</p> | ||
| <h2 id="references">References</h2> | ||
| <ul> | ||
| <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-6952">ADVISORY</a></li> | ||
| <li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6952">CVE Details</a></li> | ||
| <li><a href="https://security-tracker.debian.org/tracker/CVE-2018-6952">Debian Security Tracker</a></li> | ||
| <li><a href="https://security.gentoo.org/glsa/201904-17">Gentoo Security Advisory</a></li> | ||
| <li><a href="https://savannah.gnu.org/bugs/index.php?53133">MISC</a></li> | ||
| <li><a href="https://access.redhat.com/errata/RHSA-2019:2033">REDHAT</a></li> | ||
| <li><a href="http://www.securityfocus.com/bid/103047">Security Focus</a></li> | ||
| <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-6952">Ubuntu CVE Tracker</a></li> | ||
| </ul> | ||
|
|
||
| <hr/> | ||
|
|
@@ -897,7 +969,7 @@ <h3 class="card__section__title">Detailed paths</h3> | |
| <span class="list-paths__item__arrow">›</span> | ||
| git@1:2.34.1-1ubuntu1.5 | ||
| <span class="list-paths__item__arrow">›</span> | ||
| curl/[email protected].4 | ||
| curl/[email protected].6 | ||
| <span class="list-paths__item__arrow">›</span> | ||
| libssh/[email protected] | ||
| <span class="list-paths__item__arrow">›</span> | ||
|
|
@@ -965,6 +1037,7 @@ <h2 id="references">References</h2> | |
| <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-3358">ADVISORY</a></li> | ||
| <li><a href="https://www.openssl.org/news/secadv/20221011.txt">CONFIRM</a></li> | ||
| <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5485c56679d7c49b96e8fc8ca708b0b7e7c03c4b">CONFIRM</a></li> | ||
| <li><a href="https://security.netapp.com/advisory/ntap-20221028-0014/">CONFIRM</a></li> | ||
| </ul> | ||
|
|
||
| <hr/> | ||
|
|
@@ -1372,6 +1445,7 @@ <h2 id="references">References</h2> | |
| <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-29458">ADVISORY</a></li> | ||
| <li><a href="https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00016.html">MISC</a></li> | ||
| <li><a href="https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00014.html">MISC</a></li> | ||
| <li><a href="https://support.apple.com/kb/HT213488">CONFIRM</a></li> | ||
| </ul> | ||
|
|
||
| <hr/> | ||
|
|
@@ -1523,7 +1597,7 @@ <h3 class="card__section__title">Detailed paths</h3> | |
| <span class="list-paths__item__arrow">›</span> | ||
| git@1:2.34.1-1ubuntu1.5 | ||
| <span class="list-paths__item__arrow">›</span> | ||
| curl/[email protected].4 | ||
| curl/[email protected].6 | ||
| <span class="list-paths__item__arrow">›</span> | ||
| krb5/[email protected] | ||
|
|
||
|
|
@@ -1536,7 +1610,7 @@ <h3 class="card__section__title">Detailed paths</h3> | |
| <span class="list-paths__item__arrow">›</span> | ||
| git@1:2.34.1-1ubuntu1.5 | ||
| <span class="list-paths__item__arrow">›</span> | ||
| curl/[email protected].4 | ||
| curl/[email protected].6 | ||
| <span class="list-paths__item__arrow">›</span> | ||
| libssh/[email protected] | ||
| <span class="list-paths__item__arrow">›</span> | ||
|
|
@@ -2126,9 +2200,9 @@ <h2 id="remediation">Remediation</h2> | |
| <p>There is no fixed version for <code>Ubuntu:22.04</code> <code>git</code>.</p> | ||
| <h2 id="references">References</h2> | ||
| <ul> | ||
| <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-1000021">ADVISORY</a></li> | ||
| <li><a href="https://security-tracker.debian.org/tracker/CVE-2018-1000021">Debian Security Tracker</a></li> | ||
| <li><a href="http://www.batterystapl.es/2018/01/security-implications-of-ansi-escape.html">http://www.batterystapl.es/2018/01/security-implications-of-ansi-escape.html</a></li> | ||
| <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-1000021">Ubuntu CVE Tracker</a></li> | ||
| </ul> | ||
|
|
||
| <hr/> | ||
|
|
@@ -2193,11 +2267,11 @@ <h2 id="remediation">Remediation</h2> | |
| <p>There is no fixed version for <code>Ubuntu:22.04</code> <code>coreutils</code>.</p> | ||
| <h2 id="references">References</h2> | ||
| <ul> | ||
| <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2781">ADVISORY</a></li> | ||
| <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-2781">Debian Security Tracker</a></li> | ||
| <li><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E">MLIST</a></li> | ||
| <li><a href="http://www.openwall.com/lists/oss-security/2016/02/28/2">OSS security Advisory</a></li> | ||
| <li><a href="http://www.openwall.com/lists/oss-security/2016/02/28/3">OSS security Advisory</a></li> | ||
| <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2781">Ubuntu CVE Tracker</a></li> | ||
| </ul> | ||
|
|
||
| <hr/> | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.