From 40166d58b8d895c1a8da1e558ca028e2f7e09621 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Sat, 11 Jan 2025 03:26:22 +0000 Subject: [PATCH 1/8] update badge 20250111/032621 --- .github/sec-latest.md | 161 ++++++++++++++++++++++-------------------- 1 file changed, 84 insertions(+), 77 deletions(-) diff --git a/.github/sec-latest.md b/.github/sec-latest.md index e43c3dae..c2902b92 100644 --- a/.github/sec-latest.md +++ b/.github/sec-latest.md @@ -41,17 +41,18 @@ │ ├ CVSS ─ redhat ╭ V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/ │ │ │ A:H │ │ ╰ V3Score : 7.5 -│ ├ References ╭ [0]: https://access.redhat.com/security/cve/CVE-2024-45338 -│ │ ├ [1]: https://cs.opensource.google/go/x/net -│ │ ├ [2]: https://github.com/golang/go/issues/70906 -│ │ ├ [3]: https://go-review.googlesource.com/c/net/+/637536 -│ │ ├ [4]: https://go.dev/cl/637536 -│ │ ├ [5]: https://go.dev/issue/70906 -│ │ ├ [6]: https://groups.google.com/g/golang-announce/c/wSCRmFnNm -│ │ │ PA/m/Lvcd0mRMAwAJ -│ │ ├ [7]: https://nvd.nist.gov/vuln/detail/CVE-2024-45338 -│ │ ├ [8]: https://pkg.go.dev/vuln/GO-2024-3333 -│ │ ╰ [9]: https://www.cve.org/CVERecord?id=CVE-2024-45338 +│ ├ References ╭ [0] : https://access.redhat.com/security/cve/CVE-2024-45338 +│ │ ├ [1] : https://cs.opensource.google/go/x/net +│ │ ├ [2] : https://github.com/golang/go/issues/70906 +│ │ ├ [3] : https://go-review.googlesource.com/c/net/+/637536 +│ │ ├ [4] : https://go.dev/cl/637536 +│ │ ├ [5] : https://go.dev/issue/70906 +│ │ ├ [6] : https://groups.google.com/g/golang-announce/c/wSCRmFnN +│ │ │ mPA/m/Lvcd0mRMAwAJ +│ │ ├ [7] : https://nvd.nist.gov/vuln/detail/CVE-2024-45338 +│ │ ├ [8] : https://pkg.go.dev/vuln/GO-2024-3333 +│ │ ├ [9] : https://ubuntu.com/security/notices/USN-7197-1 +│ │ ╰ [10]: https://www.cve.org/CVERecord?id=CVE-2024-45338 │ ├ PublishedDate : 2024-12-18T21:15:08.173Z │ ╰ LastModifiedDate: 2024-12-31T20:16:06.603Z ├ [3] ╭ Target : usr/bin/ctr @@ -90,17 +91,18 @@ │ ├ CVSS ─ redhat ╭ V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/ │ │ │ A:H │ │ ╰ V3Score : 7.5 -│ ├ References ╭ [0]: https://access.redhat.com/security/cve/CVE-2024-45338 -│ │ ├ [1]: https://cs.opensource.google/go/x/net -│ │ ├ [2]: https://github.com/golang/go/issues/70906 -│ │ ├ [3]: https://go-review.googlesource.com/c/net/+/637536 -│ │ ├ [4]: https://go.dev/cl/637536 -│ │ ├ [5]: https://go.dev/issue/70906 -│ │ ├ [6]: https://groups.google.com/g/golang-announce/c/wSCRmFnNm -│ │ │ PA/m/Lvcd0mRMAwAJ -│ │ ├ [7]: https://nvd.nist.gov/vuln/detail/CVE-2024-45338 -│ │ ├ [8]: https://pkg.go.dev/vuln/GO-2024-3333 -│ │ ╰ [9]: https://www.cve.org/CVERecord?id=CVE-2024-45338 +│ ├ References ╭ [0] : https://access.redhat.com/security/cve/CVE-2024-45338 +│ │ ├ [1] : https://cs.opensource.google/go/x/net +│ │ ├ [2] : https://github.com/golang/go/issues/70906 +│ │ ├ [3] : https://go-review.googlesource.com/c/net/+/637536 +│ │ ├ [4] : https://go.dev/cl/637536 +│ │ ├ [5] : https://go.dev/issue/70906 +│ │ ├ [6] : https://groups.google.com/g/golang-announce/c/wSCRmFnN +│ │ │ mPA/m/Lvcd0mRMAwAJ +│ │ ├ [7] : https://nvd.nist.gov/vuln/detail/CVE-2024-45338 +│ │ ├ [8] : https://pkg.go.dev/vuln/GO-2024-3333 +│ │ ├ [9] : https://ubuntu.com/security/notices/USN-7197-1 +│ │ ╰ [10]: https://www.cve.org/CVERecord?id=CVE-2024-45338 │ ├ PublishedDate : 2024-12-18T21:15:08.173Z │ ╰ LastModifiedDate: 2024-12-31T20:16:06.603Z ├ [4] ╭ Target : usr/bin/dive @@ -139,17 +141,18 @@ │ ├ CVSS ─ redhat ╭ V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/ │ │ │ A:H │ │ ╰ V3Score : 7.5 -│ ├ References ╭ [0]: https://access.redhat.com/security/cve/CVE-2024-45338 -│ │ ├ [1]: https://cs.opensource.google/go/x/net -│ │ ├ [2]: https://github.com/golang/go/issues/70906 -│ │ ├ [3]: https://go-review.googlesource.com/c/net/+/637536 -│ │ ├ [4]: https://go.dev/cl/637536 -│ │ ├ [5]: https://go.dev/issue/70906 -│ │ ├ [6]: https://groups.google.com/g/golang-announce/c/wSCRmFnNm -│ │ │ PA/m/Lvcd0mRMAwAJ -│ │ ├ [7]: https://nvd.nist.gov/vuln/detail/CVE-2024-45338 -│ │ ├ [8]: https://pkg.go.dev/vuln/GO-2024-3333 -│ │ ╰ [9]: https://www.cve.org/CVERecord?id=CVE-2024-45338 +│ ├ References ╭ [0] : https://access.redhat.com/security/cve/CVE-2024-45338 +│ │ ├ [1] : https://cs.opensource.google/go/x/net +│ │ ├ [2] : https://github.com/golang/go/issues/70906 +│ │ ├ [3] : https://go-review.googlesource.com/c/net/+/637536 +│ │ ├ [4] : https://go.dev/cl/637536 +│ │ ├ [5] : https://go.dev/issue/70906 +│ │ ├ [6] : https://groups.google.com/g/golang-announce/c/wSCRmFnN +│ │ │ mPA/m/Lvcd0mRMAwAJ +│ │ ├ [7] : https://nvd.nist.gov/vuln/detail/CVE-2024-45338 +│ │ ├ [8] : https://pkg.go.dev/vuln/GO-2024-3333 +│ │ ├ [9] : https://ubuntu.com/security/notices/USN-7197-1 +│ │ ╰ [10]: https://www.cve.org/CVERecord?id=CVE-2024-45338 │ ├ PublishedDate : 2024-12-18T21:15:08.173Z │ ╰ LastModifiedDate: 2024-12-31T20:16:06.603Z ├ [5] ╭ Target: usr/bin/docker @@ -191,17 +194,18 @@ │ ├ CVSS ─ redhat ╭ V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/ │ │ │ A:H │ │ ╰ V3Score : 7.5 -│ ├ References ╭ [0]: https://access.redhat.com/security/cve/CVE-2024-45338 -│ │ ├ [1]: https://cs.opensource.google/go/x/net -│ │ ├ [2]: https://github.com/golang/go/issues/70906 -│ │ ├ [3]: https://go-review.googlesource.com/c/net/+/637536 -│ │ ├ [4]: https://go.dev/cl/637536 -│ │ ├ [5]: https://go.dev/issue/70906 -│ │ ├ [6]: https://groups.google.com/g/golang-announce/c/wSCRmFnNm -│ │ │ PA/m/Lvcd0mRMAwAJ -│ │ ├ [7]: https://nvd.nist.gov/vuln/detail/CVE-2024-45338 -│ │ ├ [8]: https://pkg.go.dev/vuln/GO-2024-3333 -│ │ ╰ [9]: https://www.cve.org/CVERecord?id=CVE-2024-45338 +│ ├ References ╭ [0] : https://access.redhat.com/security/cve/CVE-2024-45338 +│ │ ├ [1] : https://cs.opensource.google/go/x/net +│ │ ├ [2] : https://github.com/golang/go/issues/70906 +│ │ ├ [3] : https://go-review.googlesource.com/c/net/+/637536 +│ │ ├ [4] : https://go.dev/cl/637536 +│ │ ├ [5] : https://go.dev/issue/70906 +│ │ ├ [6] : https://groups.google.com/g/golang-announce/c/wSCRmFnN +│ │ │ mPA/m/Lvcd0mRMAwAJ +│ │ ├ [7] : https://nvd.nist.gov/vuln/detail/CVE-2024-45338 +│ │ ├ [8] : https://pkg.go.dev/vuln/GO-2024-3333 +│ │ ├ [9] : https://ubuntu.com/security/notices/USN-7197-1 +│ │ ╰ [10]: https://www.cve.org/CVERecord?id=CVE-2024-45338 │ ├ PublishedDate : 2024-12-18T21:15:08.173Z │ ╰ LastModifiedDate: 2024-12-31T20:16:06.603Z ├ [7] ╭ Target : usr/bin/nerdctl @@ -326,17 +330,18 @@ │ ├ CVSS ─ redhat ╭ V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/ │ │ │ A:H │ │ ╰ V3Score : 7.5 -│ ├ References ╭ [0]: https://access.redhat.com/security/cve/CVE-2024-45338 -│ │ ├ [1]: https://cs.opensource.google/go/x/net -│ │ ├ [2]: https://github.com/golang/go/issues/70906 -│ │ ├ [3]: https://go-review.googlesource.com/c/net/+/637536 -│ │ ├ [4]: https://go.dev/cl/637536 -│ │ ├ [5]: https://go.dev/issue/70906 -│ │ ├ [6]: https://groups.google.com/g/golang-announce/c/wSCRmFnNm -│ │ │ PA/m/Lvcd0mRMAwAJ -│ │ ├ [7]: https://nvd.nist.gov/vuln/detail/CVE-2024-45338 -│ │ ├ [8]: https://pkg.go.dev/vuln/GO-2024-3333 -│ │ ╰ [9]: https://www.cve.org/CVERecord?id=CVE-2024-45338 +│ ├ References ╭ [0] : https://access.redhat.com/security/cve/CVE-2024-45338 +│ │ ├ [1] : https://cs.opensource.google/go/x/net +│ │ ├ [2] : https://github.com/golang/go/issues/70906 +│ │ ├ [3] : https://go-review.googlesource.com/c/net/+/637536 +│ │ ├ [4] : https://go.dev/cl/637536 +│ │ ├ [5] : https://go.dev/issue/70906 +│ │ ├ [6] : https://groups.google.com/g/golang-announce/c/wSCRmFnN +│ │ │ mPA/m/Lvcd0mRMAwAJ +│ │ ├ [7] : https://nvd.nist.gov/vuln/detail/CVE-2024-45338 +│ │ ├ [8] : https://pkg.go.dev/vuln/GO-2024-3333 +│ │ ├ [9] : https://ubuntu.com/security/notices/USN-7197-1 +│ │ ╰ [10]: https://www.cve.org/CVERecord?id=CVE-2024-45338 │ ├ PublishedDate : 2024-12-18T21:15:08.173Z │ ╰ LastModifiedDate: 2024-12-31T20:16:06.603Z ├ [8] ╭ Target : usr/bin/skopeo @@ -461,17 +466,18 @@ │ ├ CVSS ─ redhat ╭ V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/ │ │ │ A:H │ │ ╰ V3Score : 7.5 -│ ├ References ╭ [0]: https://access.redhat.com/security/cve/CVE-2024-45338 -│ │ ├ [1]: https://cs.opensource.google/go/x/net -│ │ ├ [2]: https://github.com/golang/go/issues/70906 -│ │ ├ [3]: https://go-review.googlesource.com/c/net/+/637536 -│ │ ├ [4]: https://go.dev/cl/637536 -│ │ ├ [5]: https://go.dev/issue/70906 -│ │ ├ [6]: https://groups.google.com/g/golang-announce/c/wSCRmFnNm -│ │ │ PA/m/Lvcd0mRMAwAJ -│ │ ├ [7]: https://nvd.nist.gov/vuln/detail/CVE-2024-45338 -│ │ ├ [8]: https://pkg.go.dev/vuln/GO-2024-3333 -│ │ ╰ [9]: https://www.cve.org/CVERecord?id=CVE-2024-45338 +│ ├ References ╭ [0] : https://access.redhat.com/security/cve/CVE-2024-45338 +│ │ ├ [1] : https://cs.opensource.google/go/x/net +│ │ ├ [2] : https://github.com/golang/go/issues/70906 +│ │ ├ [3] : https://go-review.googlesource.com/c/net/+/637536 +│ │ ├ [4] : https://go.dev/cl/637536 +│ │ ├ [5] : https://go.dev/issue/70906 +│ │ ├ [6] : https://groups.google.com/g/golang-announce/c/wSCRmFnN +│ │ │ mPA/m/Lvcd0mRMAwAJ +│ │ ├ [7] : https://nvd.nist.gov/vuln/detail/CVE-2024-45338 +│ │ ├ [8] : https://pkg.go.dev/vuln/GO-2024-3333 +│ │ ├ [9] : https://ubuntu.com/security/notices/USN-7197-1 +│ │ ╰ [10]: https://www.cve.org/CVERecord?id=CVE-2024-45338 │ ├ PublishedDate : 2024-12-18T21:15:08.173Z │ ╰ LastModifiedDate: 2024-12-31T20:16:06.603Z ╰ [9] ╭ Target : usr/bin/syft @@ -603,17 +609,18 @@ ├ CVSS ─ redhat ╭ V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/ │ │ A:H │ ╰ V3Score : 7.5 - ├ References ╭ [0]: https://access.redhat.com/security/cve/CVE-2024-45338 - │ ├ [1]: https://cs.opensource.google/go/x/net - │ ├ [2]: https://github.com/golang/go/issues/70906 - │ ├ [3]: https://go-review.googlesource.com/c/net/+/637536 - │ ├ [4]: https://go.dev/cl/637536 - │ ├ [5]: https://go.dev/issue/70906 - │ ├ [6]: https://groups.google.com/g/golang-announce/c/wSCRmFnNm - │ │ PA/m/Lvcd0mRMAwAJ - │ ├ [7]: https://nvd.nist.gov/vuln/detail/CVE-2024-45338 - │ ├ [8]: https://pkg.go.dev/vuln/GO-2024-3333 - │ ╰ [9]: https://www.cve.org/CVERecord?id=CVE-2024-45338 + ├ References ╭ [0] : https://access.redhat.com/security/cve/CVE-2024-45338 + │ ├ [1] : https://cs.opensource.google/go/x/net + │ ├ [2] : https://github.com/golang/go/issues/70906 + │ ├ [3] : https://go-review.googlesource.com/c/net/+/637536 + │ ├ [4] : https://go.dev/cl/637536 + │ ├ [5] : https://go.dev/issue/70906 + │ ├ [6] : https://groups.google.com/g/golang-announce/c/wSCRmFnN + │ │ mPA/m/Lvcd0mRMAwAJ + │ ├ [7] : https://nvd.nist.gov/vuln/detail/CVE-2024-45338 + │ ├ [8] : https://pkg.go.dev/vuln/GO-2024-3333 + │ ├ [9] : https://ubuntu.com/security/notices/USN-7197-1 + │ ╰ [10]: https://www.cve.org/CVERecord?id=CVE-2024-45338 ├ PublishedDate : 2024-12-18T21:15:08.173Z ╰ LastModifiedDate: 2024-12-31T20:16:06.603Z ```` From 09069d583be63a53bf127059f8e4b2a2dc0b4757 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Sat, 11 Jan 2025 03:26:24 +0000 Subject: [PATCH 2/8] update badge 20250111/032621 --- .github/sec-build-lite.md | 31 ++++++++++++++++--------------- 1 file changed, 16 insertions(+), 15 deletions(-) diff --git a/.github/sec-build-lite.md b/.github/sec-build-lite.md index 6d278b66..cf6bf2bd 100644 --- a/.github/sec-build-lite.md +++ b/.github/sec-build-lite.md @@ -13,10 +13,10 @@ ├ InstalledVersion: v0.30.0 ├ FixedVersion : 0.33.0 ├ Status : fixed - ├ Layer ╭ Digest: sha256:0bc73bc60a855d72e3c90710e3d9d16844ab906bc856f - │ │ 4c524f1c169584dd614 - │ ╰ DiffID: sha256:edea3c4d908ccee9c7874f0a96a2125607f2b489e5d9c - │ 6f1c46a2c0989266a51 + ├ Layer ╭ Digest: sha256:7de3a4a12fc0bc965ab4c53709fceea66fc00f5cee56c + │ │ 00e054ab2cd1cfb3c79 + │ ╰ DiffID: sha256:40957a6f1ecfe753d4848eab6604c02ccf6d6f1071aea + │ 44a6a49d140a720db6b ├ SeveritySource : ghsa ├ PrimaryURL : https://avd.aquasec.com/nvd/cve-2024-45338 ├ DataSource ╭ ID : ghsa @@ -38,17 +38,18 @@ ├ CVSS ─ redhat ╭ V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/ │ │ A:H │ ╰ V3Score : 7.5 - ├ References ╭ [0]: https://access.redhat.com/security/cve/CVE-2024-45338 - │ ├ [1]: https://cs.opensource.google/go/x/net - │ ├ [2]: https://github.com/golang/go/issues/70906 - │ ├ [3]: https://go-review.googlesource.com/c/net/+/637536 - │ ├ [4]: https://go.dev/cl/637536 - │ ├ [5]: https://go.dev/issue/70906 - │ ├ [6]: https://groups.google.com/g/golang-announce/c/wSCRmFnNm - │ │ PA/m/Lvcd0mRMAwAJ - │ ├ [7]: https://nvd.nist.gov/vuln/detail/CVE-2024-45338 - │ ├ [8]: https://pkg.go.dev/vuln/GO-2024-3333 - │ ╰ [9]: https://www.cve.org/CVERecord?id=CVE-2024-45338 + ├ References ╭ [0] : https://access.redhat.com/security/cve/CVE-2024-45338 + │ ├ [1] : https://cs.opensource.google/go/x/net + │ ├ [2] : https://github.com/golang/go/issues/70906 + │ ├ [3] : https://go-review.googlesource.com/c/net/+/637536 + │ ├ [4] : https://go.dev/cl/637536 + │ ├ [5] : https://go.dev/issue/70906 + │ ├ [6] : https://groups.google.com/g/golang-announce/c/wSCRmFnN + │ │ mPA/m/Lvcd0mRMAwAJ + │ ├ [7] : https://nvd.nist.gov/vuln/detail/CVE-2024-45338 + │ ├ [8] : https://pkg.go.dev/vuln/GO-2024-3333 + │ ├ [9] : https://ubuntu.com/security/notices/USN-7197-1 + │ ╰ [10]: https://www.cve.org/CVERecord?id=CVE-2024-45338 ├ PublishedDate : 2024-12-18T21:15:08.173Z ╰ LastModifiedDate: 2024-12-31T20:16:06.603Z ```` From c63bff0616ba99d24d49cf4c65c1a403195b0c5c Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Sat, 11 Jan 2025 03:26:25 +0000 Subject: [PATCH 3/8] update badge 20250111/032621 --- .github/sec-build-lite.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/sec-build-lite.yaml b/.github/sec-build-lite.yaml index c8208007..80ecac77 100644 --- a/.github/sec-build-lite.yaml +++ b/.github/sec-build-lite.yaml @@ -15,8 +15,8 @@ FixedVersion: 0.33.0 Status: fixed Layer: - Digest: sha256:0bc73bc60a855d72e3c90710e3d9d16844ab906bc856f4c524f1c169584dd614 - DiffID: sha256:edea3c4d908ccee9c7874f0a96a2125607f2b489e5d9c6f1c46a2c0989266a51 + Digest: sha256:7de3a4a12fc0bc965ab4c53709fceea66fc00f5cee56c00e054ab2cd1cfb3c79 + DiffID: sha256:40957a6f1ecfe753d4848eab6604c02ccf6d6f1071aea44a6a49d140a720db6b SeveritySource: ghsa PrimaryURL: https://avd.aquasec.com/nvd/cve-2024-45338 DataSource: @@ -47,6 +47,7 @@ - https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ - https://nvd.nist.gov/vuln/detail/CVE-2024-45338 - https://pkg.go.dev/vuln/GO-2024-3333 + - https://ubuntu.com/security/notices/USN-7197-1 - https://www.cve.org/CVERecord?id=CVE-2024-45338 PublishedDate: '2024-12-18T21:15:08.173Z' LastModifiedDate: '2024-12-31T20:16:06.603Z' From 3900f007dfc0f9536f374bd0d67950f2f6987192 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Sat, 11 Jan 2025 03:26:26 +0000 Subject: [PATCH 4/8] update badge 20250111/032621 --- .github/sec-lite.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/sec-lite.yaml b/.github/sec-lite.yaml index 9d496a39..5ed93b15 100644 --- a/.github/sec-lite.yaml +++ b/.github/sec-lite.yaml @@ -47,6 +47,7 @@ - https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ - https://nvd.nist.gov/vuln/detail/CVE-2024-45338 - https://pkg.go.dev/vuln/GO-2024-3333 + - https://ubuntu.com/security/notices/USN-7197-1 - https://www.cve.org/CVERecord?id=CVE-2024-45338 PublishedDate: '2024-12-18T21:15:08.173Z' LastModifiedDate: '2024-12-31T20:16:06.603Z' From 63dbf841d77cae14a50baa5fa34e0e91a860e284 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Sat, 11 Jan 2025 03:26:27 +0000 Subject: [PATCH 5/8] update badge 20250111/032621 --- .github/sec-lite.md | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/.github/sec-lite.md b/.github/sec-lite.md index 6528fb73..72064f03 100644 --- a/.github/sec-lite.md +++ b/.github/sec-lite.md @@ -38,17 +38,18 @@ ├ CVSS ─ redhat ╭ V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/ │ │ A:H │ ╰ V3Score : 7.5 - ├ References ╭ [0]: https://access.redhat.com/security/cve/CVE-2024-45338 - │ ├ [1]: https://cs.opensource.google/go/x/net - │ ├ [2]: https://github.com/golang/go/issues/70906 - │ ├ [3]: https://go-review.googlesource.com/c/net/+/637536 - │ ├ [4]: https://go.dev/cl/637536 - │ ├ [5]: https://go.dev/issue/70906 - │ ├ [6]: https://groups.google.com/g/golang-announce/c/wSCRmFnNm - │ │ PA/m/Lvcd0mRMAwAJ - │ ├ [7]: https://nvd.nist.gov/vuln/detail/CVE-2024-45338 - │ ├ [8]: https://pkg.go.dev/vuln/GO-2024-3333 - │ ╰ [9]: https://www.cve.org/CVERecord?id=CVE-2024-45338 + ├ References ╭ [0] : https://access.redhat.com/security/cve/CVE-2024-45338 + │ ├ [1] : https://cs.opensource.google/go/x/net + │ ├ [2] : https://github.com/golang/go/issues/70906 + │ ├ [3] : https://go-review.googlesource.com/c/net/+/637536 + │ ├ [4] : https://go.dev/cl/637536 + │ ├ [5] : https://go.dev/issue/70906 + │ ├ [6] : https://groups.google.com/g/golang-announce/c/wSCRmFnN + │ │ mPA/m/Lvcd0mRMAwAJ + │ ├ [7] : https://nvd.nist.gov/vuln/detail/CVE-2024-45338 + │ ├ [8] : https://pkg.go.dev/vuln/GO-2024-3333 + │ ├ [9] : https://ubuntu.com/security/notices/USN-7197-1 + │ ╰ [10]: https://www.cve.org/CVERecord?id=CVE-2024-45338 ├ PublishedDate : 2024-12-18T21:15:08.173Z ╰ LastModifiedDate: 2024-12-31T20:16:06.603Z ```` From c850767c7172534b4141e26ee229bd97d41dc878 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Sat, 11 Jan 2025 03:26:29 +0000 Subject: [PATCH 6/8] update badge 20250111/032621 --- .github/sec-build.yaml | 51 ++++++++++++++++++++++++------------------ 1 file changed, 29 insertions(+), 22 deletions(-) diff --git a/.github/sec-build.yaml b/.github/sec-build.yaml index 774262f7..d513dab8 100644 --- a/.github/sec-build.yaml +++ b/.github/sec-build.yaml @@ -18,8 +18,8 @@ FixedVersion: 0.33.0 Status: fixed Layer: - Digest: sha256:4469bb1a676fe17467804c4e35737daae3df0ebf18c1c24ebb38345ea5294c99 - DiffID: sha256:2c31bd3cd376712bb1ef008588a7df2ee6830b4d08b920201e4f0161bca61db1 + Digest: sha256:f1c867faea0cfda95d539e6c2d515ff5cb59d41af6ea2892e28bec9fccff3d12 + DiffID: sha256:5c4f327ae183e5d188ee5dd43583468eb9572bdc2ab110df063f1899a56d9382 SeveritySource: ghsa PrimaryURL: https://avd.aquasec.com/nvd/cve-2024-45338 DataSource: @@ -50,6 +50,7 @@ - https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ - https://nvd.nist.gov/vuln/detail/CVE-2024-45338 - https://pkg.go.dev/vuln/GO-2024-3333 + - https://ubuntu.com/security/notices/USN-7197-1 - https://www.cve.org/CVERecord?id=CVE-2024-45338 PublishedDate: '2024-12-18T21:15:08.173Z' LastModifiedDate: '2024-12-31T20:16:06.603Z' @@ -67,8 +68,8 @@ FixedVersion: 0.33.0 Status: fixed Layer: - Digest: sha256:4469bb1a676fe17467804c4e35737daae3df0ebf18c1c24ebb38345ea5294c99 - DiffID: sha256:2c31bd3cd376712bb1ef008588a7df2ee6830b4d08b920201e4f0161bca61db1 + Digest: sha256:f1c867faea0cfda95d539e6c2d515ff5cb59d41af6ea2892e28bec9fccff3d12 + DiffID: sha256:5c4f327ae183e5d188ee5dd43583468eb9572bdc2ab110df063f1899a56d9382 SeveritySource: ghsa PrimaryURL: https://avd.aquasec.com/nvd/cve-2024-45338 DataSource: @@ -99,6 +100,7 @@ - https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ - https://nvd.nist.gov/vuln/detail/CVE-2024-45338 - https://pkg.go.dev/vuln/GO-2024-3333 + - https://ubuntu.com/security/notices/USN-7197-1 - https://www.cve.org/CVERecord?id=CVE-2024-45338 PublishedDate: '2024-12-18T21:15:08.173Z' LastModifiedDate: '2024-12-31T20:16:06.603Z' @@ -116,8 +118,8 @@ FixedVersion: 0.33.0 Status: fixed Layer: - Digest: sha256:4469bb1a676fe17467804c4e35737daae3df0ebf18c1c24ebb38345ea5294c99 - DiffID: sha256:2c31bd3cd376712bb1ef008588a7df2ee6830b4d08b920201e4f0161bca61db1 + Digest: sha256:f1c867faea0cfda95d539e6c2d515ff5cb59d41af6ea2892e28bec9fccff3d12 + DiffID: sha256:5c4f327ae183e5d188ee5dd43583468eb9572bdc2ab110df063f1899a56d9382 SeveritySource: ghsa PrimaryURL: https://avd.aquasec.com/nvd/cve-2024-45338 DataSource: @@ -148,6 +150,7 @@ - https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ - https://nvd.nist.gov/vuln/detail/CVE-2024-45338 - https://pkg.go.dev/vuln/GO-2024-3333 + - https://ubuntu.com/security/notices/USN-7197-1 - https://www.cve.org/CVERecord?id=CVE-2024-45338 PublishedDate: '2024-12-18T21:15:08.173Z' LastModifiedDate: '2024-12-31T20:16:06.603Z' @@ -168,8 +171,8 @@ FixedVersion: 0.33.0 Status: fixed Layer: - Digest: sha256:4469bb1a676fe17467804c4e35737daae3df0ebf18c1c24ebb38345ea5294c99 - DiffID: sha256:2c31bd3cd376712bb1ef008588a7df2ee6830b4d08b920201e4f0161bca61db1 + Digest: sha256:f1c867faea0cfda95d539e6c2d515ff5cb59d41af6ea2892e28bec9fccff3d12 + DiffID: sha256:5c4f327ae183e5d188ee5dd43583468eb9572bdc2ab110df063f1899a56d9382 SeveritySource: ghsa PrimaryURL: https://avd.aquasec.com/nvd/cve-2024-45338 DataSource: @@ -200,6 +203,7 @@ - https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ - https://nvd.nist.gov/vuln/detail/CVE-2024-45338 - https://pkg.go.dev/vuln/GO-2024-3333 + - https://ubuntu.com/security/notices/USN-7197-1 - https://www.cve.org/CVERecord?id=CVE-2024-45338 PublishedDate: '2024-12-18T21:15:08.173Z' LastModifiedDate: '2024-12-31T20:16:06.603Z' @@ -217,8 +221,8 @@ FixedVersion: 0.31.0 Status: fixed Layer: - Digest: sha256:4469bb1a676fe17467804c4e35737daae3df0ebf18c1c24ebb38345ea5294c99 - DiffID: sha256:2c31bd3cd376712bb1ef008588a7df2ee6830b4d08b920201e4f0161bca61db1 + Digest: sha256:f1c867faea0cfda95d539e6c2d515ff5cb59d41af6ea2892e28bec9fccff3d12 + DiffID: sha256:5c4f327ae183e5d188ee5dd43583468eb9572bdc2ab110df063f1899a56d9382 SeveritySource: ghsa PrimaryURL: https://avd.aquasec.com/nvd/cve-2024-45337 DataSource: @@ -263,8 +267,8 @@ FixedVersion: 0.33.0 Status: fixed Layer: - Digest: sha256:4469bb1a676fe17467804c4e35737daae3df0ebf18c1c24ebb38345ea5294c99 - DiffID: sha256:2c31bd3cd376712bb1ef008588a7df2ee6830b4d08b920201e4f0161bca61db1 + Digest: sha256:f1c867faea0cfda95d539e6c2d515ff5cb59d41af6ea2892e28bec9fccff3d12 + DiffID: sha256:5c4f327ae183e5d188ee5dd43583468eb9572bdc2ab110df063f1899a56d9382 SeveritySource: ghsa PrimaryURL: https://avd.aquasec.com/nvd/cve-2024-45338 DataSource: @@ -295,6 +299,7 @@ - https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ - https://nvd.nist.gov/vuln/detail/CVE-2024-45338 - https://pkg.go.dev/vuln/GO-2024-3333 + - https://ubuntu.com/security/notices/USN-7197-1 - https://www.cve.org/CVERecord?id=CVE-2024-45338 PublishedDate: '2024-12-18T21:15:08.173Z' LastModifiedDate: '2024-12-31T20:16:06.603Z' @@ -312,8 +317,8 @@ FixedVersion: 0.31.0 Status: fixed Layer: - Digest: sha256:4469bb1a676fe17467804c4e35737daae3df0ebf18c1c24ebb38345ea5294c99 - DiffID: sha256:2c31bd3cd376712bb1ef008588a7df2ee6830b4d08b920201e4f0161bca61db1 + Digest: sha256:f1c867faea0cfda95d539e6c2d515ff5cb59d41af6ea2892e28bec9fccff3d12 + DiffID: sha256:5c4f327ae183e5d188ee5dd43583468eb9572bdc2ab110df063f1899a56d9382 SeveritySource: ghsa PrimaryURL: https://avd.aquasec.com/nvd/cve-2024-45337 DataSource: @@ -358,8 +363,8 @@ FixedVersion: 0.33.0 Status: fixed Layer: - Digest: sha256:4469bb1a676fe17467804c4e35737daae3df0ebf18c1c24ebb38345ea5294c99 - DiffID: sha256:2c31bd3cd376712bb1ef008588a7df2ee6830b4d08b920201e4f0161bca61db1 + Digest: sha256:f1c867faea0cfda95d539e6c2d515ff5cb59d41af6ea2892e28bec9fccff3d12 + DiffID: sha256:5c4f327ae183e5d188ee5dd43583468eb9572bdc2ab110df063f1899a56d9382 SeveritySource: ghsa PrimaryURL: https://avd.aquasec.com/nvd/cve-2024-45338 DataSource: @@ -390,6 +395,7 @@ - https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ - https://nvd.nist.gov/vuln/detail/CVE-2024-45338 - https://pkg.go.dev/vuln/GO-2024-3333 + - https://ubuntu.com/security/notices/USN-7197-1 - https://www.cve.org/CVERecord?id=CVE-2024-45338 PublishedDate: '2024-12-18T21:15:08.173Z' LastModifiedDate: '2024-12-31T20:16:06.603Z' @@ -407,8 +413,8 @@ FixedVersion: 5.13.0 Status: fixed Layer: - Digest: sha256:4469bb1a676fe17467804c4e35737daae3df0ebf18c1c24ebb38345ea5294c99 - DiffID: sha256:2c31bd3cd376712bb1ef008588a7df2ee6830b4d08b920201e4f0161bca61db1 + Digest: sha256:f1c867faea0cfda95d539e6c2d515ff5cb59d41af6ea2892e28bec9fccff3d12 + DiffID: sha256:5c4f327ae183e5d188ee5dd43583468eb9572bdc2ab110df063f1899a56d9382 SeveritySource: ghsa PrimaryURL: https://avd.aquasec.com/nvd/cve-2025-21613 DataSource: @@ -448,8 +454,8 @@ FixedVersion: 5.13.0 Status: fixed Layer: - Digest: sha256:4469bb1a676fe17467804c4e35737daae3df0ebf18c1c24ebb38345ea5294c99 - DiffID: sha256:2c31bd3cd376712bb1ef008588a7df2ee6830b4d08b920201e4f0161bca61db1 + Digest: sha256:f1c867faea0cfda95d539e6c2d515ff5cb59d41af6ea2892e28bec9fccff3d12 + DiffID: sha256:5c4f327ae183e5d188ee5dd43583468eb9572bdc2ab110df063f1899a56d9382 SeveritySource: ghsa PrimaryURL: https://avd.aquasec.com/nvd/cve-2025-21614 DataSource: @@ -490,8 +496,8 @@ FixedVersion: 0.33.0 Status: fixed Layer: - Digest: sha256:4469bb1a676fe17467804c4e35737daae3df0ebf18c1c24ebb38345ea5294c99 - DiffID: sha256:2c31bd3cd376712bb1ef008588a7df2ee6830b4d08b920201e4f0161bca61db1 + Digest: sha256:f1c867faea0cfda95d539e6c2d515ff5cb59d41af6ea2892e28bec9fccff3d12 + DiffID: sha256:5c4f327ae183e5d188ee5dd43583468eb9572bdc2ab110df063f1899a56d9382 SeveritySource: ghsa PrimaryURL: https://avd.aquasec.com/nvd/cve-2024-45338 DataSource: @@ -522,6 +528,7 @@ - https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ - https://nvd.nist.gov/vuln/detail/CVE-2024-45338 - https://pkg.go.dev/vuln/GO-2024-3333 + - https://ubuntu.com/security/notices/USN-7197-1 - https://www.cve.org/CVERecord?id=CVE-2024-45338 PublishedDate: '2024-12-18T21:15:08.173Z' LastModifiedDate: '2024-12-31T20:16:06.603Z' From 255289422f1f385aeb7de72be21cc5b7a64ed5c3 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Sat, 11 Jan 2025 03:26:30 +0000 Subject: [PATCH 7/8] update badge 20250111/032621 --- .github/sec-build.md | 249 ++++++++++++++++++++++--------------------- 1 file changed, 128 insertions(+), 121 deletions(-) diff --git a/.github/sec-build.md b/.github/sec-build.md index b1743043..273292a1 100644 --- a/.github/sec-build.md +++ b/.github/sec-build.md @@ -16,10 +16,10 @@ │ ├ InstalledVersion: v0.30.0 │ ├ FixedVersion : 0.33.0 │ ├ Status : fixed -│ ├ Layer ╭ Digest: sha256:4469bb1a676fe17467804c4e35737daae3df0ebf18c1c -│ │ │ 24ebb38345ea5294c99 -│ │ ╰ DiffID: sha256:2c31bd3cd376712bb1ef008588a7df2ee6830b4d08b92 -│ │ 0201e4f0161bca61db1 +│ ├ Layer ╭ Digest: sha256:f1c867faea0cfda95d539e6c2d515ff5cb59d41af6ea2 +│ │ │ 892e28bec9fccff3d12 +│ │ ╰ DiffID: sha256:5c4f327ae183e5d188ee5dd43583468eb9572bdc2ab11 +│ │ 0df063f1899a56d9382 │ ├ SeveritySource : ghsa │ ├ PrimaryURL : https://avd.aquasec.com/nvd/cve-2024-45338 │ ├ DataSource ╭ ID : ghsa @@ -41,17 +41,18 @@ │ ├ CVSS ─ redhat ╭ V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/ │ │ │ A:H │ │ ╰ V3Score : 7.5 -│ ├ References ╭ [0]: https://access.redhat.com/security/cve/CVE-2024-45338 -│ │ ├ [1]: https://cs.opensource.google/go/x/net -│ │ ├ [2]: https://github.com/golang/go/issues/70906 -│ │ ├ [3]: https://go-review.googlesource.com/c/net/+/637536 -│ │ ├ [4]: https://go.dev/cl/637536 -│ │ ├ [5]: https://go.dev/issue/70906 -│ │ ├ [6]: https://groups.google.com/g/golang-announce/c/wSCRmFnNm -│ │ │ PA/m/Lvcd0mRMAwAJ -│ │ ├ [7]: https://nvd.nist.gov/vuln/detail/CVE-2024-45338 -│ │ ├ [8]: https://pkg.go.dev/vuln/GO-2024-3333 -│ │ ╰ [9]: https://www.cve.org/CVERecord?id=CVE-2024-45338 +│ ├ References ╭ [0] : https://access.redhat.com/security/cve/CVE-2024-45338 +│ │ ├ [1] : https://cs.opensource.google/go/x/net +│ │ ├ [2] : https://github.com/golang/go/issues/70906 +│ │ ├ [3] : https://go-review.googlesource.com/c/net/+/637536 +│ │ ├ [4] : https://go.dev/cl/637536 +│ │ ├ [5] : https://go.dev/issue/70906 +│ │ ├ [6] : https://groups.google.com/g/golang-announce/c/wSCRmFnN +│ │ │ mPA/m/Lvcd0mRMAwAJ +│ │ ├ [7] : https://nvd.nist.gov/vuln/detail/CVE-2024-45338 +│ │ ├ [8] : https://pkg.go.dev/vuln/GO-2024-3333 +│ │ ├ [9] : https://ubuntu.com/security/notices/USN-7197-1 +│ │ ╰ [10]: https://www.cve.org/CVERecord?id=CVE-2024-45338 │ ├ PublishedDate : 2024-12-18T21:15:08.173Z │ ╰ LastModifiedDate: 2024-12-31T20:16:06.603Z ├ [3] ╭ Target : usr/bin/ctr @@ -65,10 +66,10 @@ │ ├ InstalledVersion: v0.30.0 │ ├ FixedVersion : 0.33.0 │ ├ Status : fixed -│ ├ Layer ╭ Digest: sha256:4469bb1a676fe17467804c4e35737daae3df0ebf18c1c -│ │ │ 24ebb38345ea5294c99 -│ │ ╰ DiffID: sha256:2c31bd3cd376712bb1ef008588a7df2ee6830b4d08b92 -│ │ 0201e4f0161bca61db1 +│ ├ Layer ╭ Digest: sha256:f1c867faea0cfda95d539e6c2d515ff5cb59d41af6ea2 +│ │ │ 892e28bec9fccff3d12 +│ │ ╰ DiffID: sha256:5c4f327ae183e5d188ee5dd43583468eb9572bdc2ab11 +│ │ 0df063f1899a56d9382 │ ├ SeveritySource : ghsa │ ├ PrimaryURL : https://avd.aquasec.com/nvd/cve-2024-45338 │ ├ DataSource ╭ ID : ghsa @@ -90,17 +91,18 @@ │ ├ CVSS ─ redhat ╭ V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/ │ │ │ A:H │ │ ╰ V3Score : 7.5 -│ ├ References ╭ [0]: https://access.redhat.com/security/cve/CVE-2024-45338 -│ │ ├ [1]: https://cs.opensource.google/go/x/net -│ │ ├ [2]: https://github.com/golang/go/issues/70906 -│ │ ├ [3]: https://go-review.googlesource.com/c/net/+/637536 -│ │ ├ [4]: https://go.dev/cl/637536 -│ │ ├ [5]: https://go.dev/issue/70906 -│ │ ├ [6]: https://groups.google.com/g/golang-announce/c/wSCRmFnNm -│ │ │ PA/m/Lvcd0mRMAwAJ -│ │ ├ [7]: https://nvd.nist.gov/vuln/detail/CVE-2024-45338 -│ │ ├ [8]: https://pkg.go.dev/vuln/GO-2024-3333 -│ │ ╰ [9]: https://www.cve.org/CVERecord?id=CVE-2024-45338 +│ ├ References ╭ [0] : https://access.redhat.com/security/cve/CVE-2024-45338 +│ │ ├ [1] : https://cs.opensource.google/go/x/net +│ │ ├ [2] : https://github.com/golang/go/issues/70906 +│ │ ├ [3] : https://go-review.googlesource.com/c/net/+/637536 +│ │ ├ [4] : https://go.dev/cl/637536 +│ │ ├ [5] : https://go.dev/issue/70906 +│ │ ├ [6] : https://groups.google.com/g/golang-announce/c/wSCRmFnN +│ │ │ mPA/m/Lvcd0mRMAwAJ +│ │ ├ [7] : https://nvd.nist.gov/vuln/detail/CVE-2024-45338 +│ │ ├ [8] : https://pkg.go.dev/vuln/GO-2024-3333 +│ │ ├ [9] : https://ubuntu.com/security/notices/USN-7197-1 +│ │ ╰ [10]: https://www.cve.org/CVERecord?id=CVE-2024-45338 │ ├ PublishedDate : 2024-12-18T21:15:08.173Z │ ╰ LastModifiedDate: 2024-12-31T20:16:06.603Z ├ [4] ╭ Target : usr/bin/dive @@ -114,10 +116,10 @@ │ ├ InstalledVersion: v0.28.0 │ ├ FixedVersion : 0.33.0 │ ├ Status : fixed -│ ├ Layer ╭ Digest: sha256:4469bb1a676fe17467804c4e35737daae3df0ebf18c1c -│ │ │ 24ebb38345ea5294c99 -│ │ ╰ DiffID: sha256:2c31bd3cd376712bb1ef008588a7df2ee6830b4d08b92 -│ │ 0201e4f0161bca61db1 +│ ├ Layer ╭ Digest: sha256:f1c867faea0cfda95d539e6c2d515ff5cb59d41af6ea2 +│ │ │ 892e28bec9fccff3d12 +│ │ ╰ DiffID: sha256:5c4f327ae183e5d188ee5dd43583468eb9572bdc2ab11 +│ │ 0df063f1899a56d9382 │ ├ SeveritySource : ghsa │ ├ PrimaryURL : https://avd.aquasec.com/nvd/cve-2024-45338 │ ├ DataSource ╭ ID : ghsa @@ -139,17 +141,18 @@ │ ├ CVSS ─ redhat ╭ V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/ │ │ │ A:H │ │ ╰ V3Score : 7.5 -│ ├ References ╭ [0]: https://access.redhat.com/security/cve/CVE-2024-45338 -│ │ ├ [1]: https://cs.opensource.google/go/x/net -│ │ ├ [2]: https://github.com/golang/go/issues/70906 -│ │ ├ [3]: https://go-review.googlesource.com/c/net/+/637536 -│ │ ├ [4]: https://go.dev/cl/637536 -│ │ ├ [5]: https://go.dev/issue/70906 -│ │ ├ [6]: https://groups.google.com/g/golang-announce/c/wSCRmFnNm -│ │ │ PA/m/Lvcd0mRMAwAJ -│ │ ├ [7]: https://nvd.nist.gov/vuln/detail/CVE-2024-45338 -│ │ ├ [8]: https://pkg.go.dev/vuln/GO-2024-3333 -│ │ ╰ [9]: https://www.cve.org/CVERecord?id=CVE-2024-45338 +│ ├ References ╭ [0] : https://access.redhat.com/security/cve/CVE-2024-45338 +│ │ ├ [1] : https://cs.opensource.google/go/x/net +│ │ ├ [2] : https://github.com/golang/go/issues/70906 +│ │ ├ [3] : https://go-review.googlesource.com/c/net/+/637536 +│ │ ├ [4] : https://go.dev/cl/637536 +│ │ ├ [5] : https://go.dev/issue/70906 +│ │ ├ [6] : https://groups.google.com/g/golang-announce/c/wSCRmFnN +│ │ │ mPA/m/Lvcd0mRMAwAJ +│ │ ├ [7] : https://nvd.nist.gov/vuln/detail/CVE-2024-45338 +│ │ ├ [8] : https://pkg.go.dev/vuln/GO-2024-3333 +│ │ ├ [9] : https://ubuntu.com/security/notices/USN-7197-1 +│ │ ╰ [10]: https://www.cve.org/CVERecord?id=CVE-2024-45338 │ ├ PublishedDate : 2024-12-18T21:15:08.173Z │ ╰ LastModifiedDate: 2024-12-31T20:16:06.603Z ├ [5] ╭ Target: usr/bin/docker @@ -166,10 +169,10 @@ │ ├ InstalledVersion: v0.26.0 │ ├ FixedVersion : 0.33.0 │ ├ Status : fixed -│ ├ Layer ╭ Digest: sha256:4469bb1a676fe17467804c4e35737daae3df0ebf18c1c -│ │ │ 24ebb38345ea5294c99 -│ │ ╰ DiffID: sha256:2c31bd3cd376712bb1ef008588a7df2ee6830b4d08b92 -│ │ 0201e4f0161bca61db1 +│ ├ Layer ╭ Digest: sha256:f1c867faea0cfda95d539e6c2d515ff5cb59d41af6ea2 +│ │ │ 892e28bec9fccff3d12 +│ │ ╰ DiffID: sha256:5c4f327ae183e5d188ee5dd43583468eb9572bdc2ab11 +│ │ 0df063f1899a56d9382 │ ├ SeveritySource : ghsa │ ├ PrimaryURL : https://avd.aquasec.com/nvd/cve-2024-45338 │ ├ DataSource ╭ ID : ghsa @@ -191,17 +194,18 @@ │ ├ CVSS ─ redhat ╭ V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/ │ │ │ A:H │ │ ╰ V3Score : 7.5 -│ ├ References ╭ [0]: https://access.redhat.com/security/cve/CVE-2024-45338 -│ │ ├ [1]: https://cs.opensource.google/go/x/net -│ │ ├ [2]: https://github.com/golang/go/issues/70906 -│ │ ├ [3]: https://go-review.googlesource.com/c/net/+/637536 -│ │ ├ [4]: https://go.dev/cl/637536 -│ │ ├ [5]: https://go.dev/issue/70906 -│ │ ├ [6]: https://groups.google.com/g/golang-announce/c/wSCRmFnNm -│ │ │ PA/m/Lvcd0mRMAwAJ -│ │ ├ [7]: https://nvd.nist.gov/vuln/detail/CVE-2024-45338 -│ │ ├ [8]: https://pkg.go.dev/vuln/GO-2024-3333 -│ │ ╰ [9]: https://www.cve.org/CVERecord?id=CVE-2024-45338 +│ ├ References ╭ [0] : https://access.redhat.com/security/cve/CVE-2024-45338 +│ │ ├ [1] : https://cs.opensource.google/go/x/net +│ │ ├ [2] : https://github.com/golang/go/issues/70906 +│ │ ├ [3] : https://go-review.googlesource.com/c/net/+/637536 +│ │ ├ [4] : https://go.dev/cl/637536 +│ │ ├ [5] : https://go.dev/issue/70906 +│ │ ├ [6] : https://groups.google.com/g/golang-announce/c/wSCRmFnN +│ │ │ mPA/m/Lvcd0mRMAwAJ +│ │ ├ [7] : https://nvd.nist.gov/vuln/detail/CVE-2024-45338 +│ │ ├ [8] : https://pkg.go.dev/vuln/GO-2024-3333 +│ │ ├ [9] : https://ubuntu.com/security/notices/USN-7197-1 +│ │ ╰ [10]: https://www.cve.org/CVERecord?id=CVE-2024-45338 │ ├ PublishedDate : 2024-12-18T21:15:08.173Z │ ╰ LastModifiedDate: 2024-12-31T20:16:06.603Z ├ [7] ╭ Target : usr/bin/nerdctl @@ -215,10 +219,10 @@ │ │ ├ InstalledVersion: v0.30.0 │ │ ├ FixedVersion : 0.31.0 │ │ ├ Status : fixed -│ │ ├ Layer ╭ Digest: sha256:4469bb1a676fe17467804c4e35737daae3df0ebf18c1c -│ │ │ │ 24ebb38345ea5294c99 -│ │ │ ╰ DiffID: sha256:2c31bd3cd376712bb1ef008588a7df2ee6830b4d08b92 -│ │ │ 0201e4f0161bca61db1 +│ │ ├ Layer ╭ Digest: sha256:f1c867faea0cfda95d539e6c2d515ff5cb59d41af6ea2 +│ │ │ │ 892e28bec9fccff3d12 +│ │ │ ╰ DiffID: sha256:5c4f327ae183e5d188ee5dd43583468eb9572bdc2ab11 +│ │ │ 0df063f1899a56d9382 │ │ ├ SeveritySource : ghsa │ │ ├ PrimaryURL : https://avd.aquasec.com/nvd/cve-2024-45337 │ │ ├ DataSource ╭ ID : ghsa @@ -301,10 +305,10 @@ │ ├ InstalledVersion: v0.32.0 │ ├ FixedVersion : 0.33.0 │ ├ Status : fixed -│ ├ Layer ╭ Digest: sha256:4469bb1a676fe17467804c4e35737daae3df0ebf18c1c -│ │ │ 24ebb38345ea5294c99 -│ │ ╰ DiffID: sha256:2c31bd3cd376712bb1ef008588a7df2ee6830b4d08b92 -│ │ 0201e4f0161bca61db1 +│ ├ Layer ╭ Digest: sha256:f1c867faea0cfda95d539e6c2d515ff5cb59d41af6ea2 +│ │ │ 892e28bec9fccff3d12 +│ │ ╰ DiffID: sha256:5c4f327ae183e5d188ee5dd43583468eb9572bdc2ab11 +│ │ 0df063f1899a56d9382 │ ├ SeveritySource : ghsa │ ├ PrimaryURL : https://avd.aquasec.com/nvd/cve-2024-45338 │ ├ DataSource ╭ ID : ghsa @@ -326,17 +330,18 @@ │ ├ CVSS ─ redhat ╭ V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/ │ │ │ A:H │ │ ╰ V3Score : 7.5 -│ ├ References ╭ [0]: https://access.redhat.com/security/cve/CVE-2024-45338 -│ │ ├ [1]: https://cs.opensource.google/go/x/net -│ │ ├ [2]: https://github.com/golang/go/issues/70906 -│ │ ├ [3]: https://go-review.googlesource.com/c/net/+/637536 -│ │ ├ [4]: https://go.dev/cl/637536 -│ │ ├ [5]: https://go.dev/issue/70906 -│ │ ├ [6]: https://groups.google.com/g/golang-announce/c/wSCRmFnNm -│ │ │ PA/m/Lvcd0mRMAwAJ -│ │ ├ [7]: https://nvd.nist.gov/vuln/detail/CVE-2024-45338 -│ │ ├ [8]: https://pkg.go.dev/vuln/GO-2024-3333 -│ │ ╰ [9]: https://www.cve.org/CVERecord?id=CVE-2024-45338 +│ ├ References ╭ [0] : https://access.redhat.com/security/cve/CVE-2024-45338 +│ │ ├ [1] : https://cs.opensource.google/go/x/net +│ │ ├ [2] : https://github.com/golang/go/issues/70906 +│ │ ├ [3] : https://go-review.googlesource.com/c/net/+/637536 +│ │ ├ [4] : https://go.dev/cl/637536 +│ │ ├ [5] : https://go.dev/issue/70906 +│ │ ├ [6] : https://groups.google.com/g/golang-announce/c/wSCRmFnN +│ │ │ mPA/m/Lvcd0mRMAwAJ +│ │ ├ [7] : https://nvd.nist.gov/vuln/detail/CVE-2024-45338 +│ │ ├ [8] : https://pkg.go.dev/vuln/GO-2024-3333 +│ │ ├ [9] : https://ubuntu.com/security/notices/USN-7197-1 +│ │ ╰ [10]: https://www.cve.org/CVERecord?id=CVE-2024-45338 │ ├ PublishedDate : 2024-12-18T21:15:08.173Z │ ╰ LastModifiedDate: 2024-12-31T20:16:06.603Z ├ [8] ╭ Target : usr/bin/skopeo @@ -350,10 +355,10 @@ │ │ ├ InstalledVersion: v0.29.0 │ │ ├ FixedVersion : 0.31.0 │ │ ├ Status : fixed -│ │ ├ Layer ╭ Digest: sha256:4469bb1a676fe17467804c4e35737daae3df0ebf18c1c -│ │ │ │ 24ebb38345ea5294c99 -│ │ │ ╰ DiffID: sha256:2c31bd3cd376712bb1ef008588a7df2ee6830b4d08b92 -│ │ │ 0201e4f0161bca61db1 +│ │ ├ Layer ╭ Digest: sha256:f1c867faea0cfda95d539e6c2d515ff5cb59d41af6ea2 +│ │ │ │ 892e28bec9fccff3d12 +│ │ │ ╰ DiffID: sha256:5c4f327ae183e5d188ee5dd43583468eb9572bdc2ab11 +│ │ │ 0df063f1899a56d9382 │ │ ├ SeveritySource : ghsa │ │ ├ PrimaryURL : https://avd.aquasec.com/nvd/cve-2024-45337 │ │ ├ DataSource ╭ ID : ghsa @@ -436,10 +441,10 @@ │ ├ InstalledVersion: v0.30.0 │ ├ FixedVersion : 0.33.0 │ ├ Status : fixed -│ ├ Layer ╭ Digest: sha256:4469bb1a676fe17467804c4e35737daae3df0ebf18c1c -│ │ │ 24ebb38345ea5294c99 -│ │ ╰ DiffID: sha256:2c31bd3cd376712bb1ef008588a7df2ee6830b4d08b92 -│ │ 0201e4f0161bca61db1 +│ ├ Layer ╭ Digest: sha256:f1c867faea0cfda95d539e6c2d515ff5cb59d41af6ea2 +│ │ │ 892e28bec9fccff3d12 +│ │ ╰ DiffID: sha256:5c4f327ae183e5d188ee5dd43583468eb9572bdc2ab11 +│ │ 0df063f1899a56d9382 │ ├ SeveritySource : ghsa │ ├ PrimaryURL : https://avd.aquasec.com/nvd/cve-2024-45338 │ ├ DataSource ╭ ID : ghsa @@ -461,17 +466,18 @@ │ ├ CVSS ─ redhat ╭ V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/ │ │ │ A:H │ │ ╰ V3Score : 7.5 -│ ├ References ╭ [0]: https://access.redhat.com/security/cve/CVE-2024-45338 -│ │ ├ [1]: https://cs.opensource.google/go/x/net -│ │ ├ [2]: https://github.com/golang/go/issues/70906 -│ │ ├ [3]: https://go-review.googlesource.com/c/net/+/637536 -│ │ ├ [4]: https://go.dev/cl/637536 -│ │ ├ [5]: https://go.dev/issue/70906 -│ │ ├ [6]: https://groups.google.com/g/golang-announce/c/wSCRmFnNm -│ │ │ PA/m/Lvcd0mRMAwAJ -│ │ ├ [7]: https://nvd.nist.gov/vuln/detail/CVE-2024-45338 -│ │ ├ [8]: https://pkg.go.dev/vuln/GO-2024-3333 -│ │ ╰ [9]: https://www.cve.org/CVERecord?id=CVE-2024-45338 +│ ├ References ╭ [0] : https://access.redhat.com/security/cve/CVE-2024-45338 +│ │ ├ [1] : https://cs.opensource.google/go/x/net +│ │ ├ [2] : https://github.com/golang/go/issues/70906 +│ │ ├ [3] : https://go-review.googlesource.com/c/net/+/637536 +│ │ ├ [4] : https://go.dev/cl/637536 +│ │ ├ [5] : https://go.dev/issue/70906 +│ │ ├ [6] : https://groups.google.com/g/golang-announce/c/wSCRmFnN +│ │ │ mPA/m/Lvcd0mRMAwAJ +│ │ ├ [7] : https://nvd.nist.gov/vuln/detail/CVE-2024-45338 +│ │ ├ [8] : https://pkg.go.dev/vuln/GO-2024-3333 +│ │ ├ [9] : https://ubuntu.com/security/notices/USN-7197-1 +│ │ ╰ [10]: https://www.cve.org/CVERecord?id=CVE-2024-45338 │ ├ PublishedDate : 2024-12-18T21:15:08.173Z │ ╰ LastModifiedDate: 2024-12-31T20:16:06.603Z ╰ [9] ╭ Target : usr/bin/syft @@ -485,10 +491,10 @@ │ ├ InstalledVersion: v5.12.0 │ ├ FixedVersion : 5.13.0 │ ├ Status : fixed - │ ├ Layer ╭ Digest: sha256:4469bb1a676fe17467804c4e35737daae3df0ebf18c1c - │ │ │ 24ebb38345ea5294c99 - │ │ ╰ DiffID: sha256:2c31bd3cd376712bb1ef008588a7df2ee6830b4d08b92 - │ │ 0201e4f0161bca61db1 + │ ├ Layer ╭ Digest: sha256:f1c867faea0cfda95d539e6c2d515ff5cb59d41af6ea2 + │ │ │ 892e28bec9fccff3d12 + │ │ ╰ DiffID: sha256:5c4f327ae183e5d188ee5dd43583468eb9572bdc2ab11 + │ │ 0df063f1899a56d9382 │ ├ SeveritySource : ghsa │ ├ PrimaryURL : https://avd.aquasec.com/nvd/cve-2025-21613 │ ├ DataSource ╭ ID : ghsa @@ -530,10 +536,10 @@ │ ├ InstalledVersion: v5.12.0 │ ├ FixedVersion : 5.13.0 │ ├ Status : fixed - │ ├ Layer ╭ Digest: sha256:4469bb1a676fe17467804c4e35737daae3df0ebf18c1c - │ │ │ 24ebb38345ea5294c99 - │ │ ╰ DiffID: sha256:2c31bd3cd376712bb1ef008588a7df2ee6830b4d08b92 - │ │ 0201e4f0161bca61db1 + │ ├ Layer ╭ Digest: sha256:f1c867faea0cfda95d539e6c2d515ff5cb59d41af6ea2 + │ │ │ 892e28bec9fccff3d12 + │ │ ╰ DiffID: sha256:5c4f327ae183e5d188ee5dd43583468eb9572bdc2ab11 + │ │ 0df063f1899a56d9382 │ ├ SeveritySource : ghsa │ ├ PrimaryURL : https://avd.aquasec.com/nvd/cve-2025-21614 │ ├ DataSource ╭ ID : ghsa @@ -578,10 +584,10 @@ ├ InstalledVersion: v0.32.0 ├ FixedVersion : 0.33.0 ├ Status : fixed - ├ Layer ╭ Digest: sha256:4469bb1a676fe17467804c4e35737daae3df0ebf18c1c - │ │ 24ebb38345ea5294c99 - │ ╰ DiffID: sha256:2c31bd3cd376712bb1ef008588a7df2ee6830b4d08b92 - │ 0201e4f0161bca61db1 + ├ Layer ╭ Digest: sha256:f1c867faea0cfda95d539e6c2d515ff5cb59d41af6ea2 + │ │ 892e28bec9fccff3d12 + │ ╰ DiffID: sha256:5c4f327ae183e5d188ee5dd43583468eb9572bdc2ab11 + │ 0df063f1899a56d9382 ├ SeveritySource : ghsa ├ PrimaryURL : https://avd.aquasec.com/nvd/cve-2024-45338 ├ DataSource ╭ ID : ghsa @@ -603,17 +609,18 @@ ├ CVSS ─ redhat ╭ V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/ │ │ A:H │ ╰ V3Score : 7.5 - ├ References ╭ [0]: https://access.redhat.com/security/cve/CVE-2024-45338 - │ ├ [1]: https://cs.opensource.google/go/x/net - │ ├ [2]: https://github.com/golang/go/issues/70906 - │ ├ [3]: https://go-review.googlesource.com/c/net/+/637536 - │ ├ [4]: https://go.dev/cl/637536 - │ ├ [5]: https://go.dev/issue/70906 - │ ├ [6]: https://groups.google.com/g/golang-announce/c/wSCRmFnNm - │ │ PA/m/Lvcd0mRMAwAJ - │ ├ [7]: https://nvd.nist.gov/vuln/detail/CVE-2024-45338 - │ ├ [8]: https://pkg.go.dev/vuln/GO-2024-3333 - │ ╰ [9]: https://www.cve.org/CVERecord?id=CVE-2024-45338 + ├ References ╭ [0] : https://access.redhat.com/security/cve/CVE-2024-45338 + │ ├ [1] : https://cs.opensource.google/go/x/net + │ ├ [2] : https://github.com/golang/go/issues/70906 + │ ├ [3] : https://go-review.googlesource.com/c/net/+/637536 + │ ├ [4] : https://go.dev/cl/637536 + │ ├ [5] : https://go.dev/issue/70906 + │ ├ [6] : https://groups.google.com/g/golang-announce/c/wSCRmFnN + │ │ mPA/m/Lvcd0mRMAwAJ + │ ├ [7] : https://nvd.nist.gov/vuln/detail/CVE-2024-45338 + │ ├ [8] : https://pkg.go.dev/vuln/GO-2024-3333 + │ ├ [9] : https://ubuntu.com/security/notices/USN-7197-1 + │ ╰ [10]: https://www.cve.org/CVERecord?id=CVE-2024-45338 ├ PublishedDate : 2024-12-18T21:15:08.173Z ╰ LastModifiedDate: 2024-12-31T20:16:06.603Z ```` From 1ca3704a5c3ba083c85bd47bf77954bdc782f9ef Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Sat, 11 Jan 2025 03:26:31 +0000 Subject: [PATCH 8/8] update badge 20250111/032621 --- .github/sec-latest.yaml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/sec-latest.yaml b/.github/sec-latest.yaml index 0a415e55..287de886 100644 --- a/.github/sec-latest.yaml +++ b/.github/sec-latest.yaml @@ -50,6 +50,7 @@ - https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ - https://nvd.nist.gov/vuln/detail/CVE-2024-45338 - https://pkg.go.dev/vuln/GO-2024-3333 + - https://ubuntu.com/security/notices/USN-7197-1 - https://www.cve.org/CVERecord?id=CVE-2024-45338 PublishedDate: '2024-12-18T21:15:08.173Z' LastModifiedDate: '2024-12-31T20:16:06.603Z' @@ -99,6 +100,7 @@ - https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ - https://nvd.nist.gov/vuln/detail/CVE-2024-45338 - https://pkg.go.dev/vuln/GO-2024-3333 + - https://ubuntu.com/security/notices/USN-7197-1 - https://www.cve.org/CVERecord?id=CVE-2024-45338 PublishedDate: '2024-12-18T21:15:08.173Z' LastModifiedDate: '2024-12-31T20:16:06.603Z' @@ -148,6 +150,7 @@ - https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ - https://nvd.nist.gov/vuln/detail/CVE-2024-45338 - https://pkg.go.dev/vuln/GO-2024-3333 + - https://ubuntu.com/security/notices/USN-7197-1 - https://www.cve.org/CVERecord?id=CVE-2024-45338 PublishedDate: '2024-12-18T21:15:08.173Z' LastModifiedDate: '2024-12-31T20:16:06.603Z' @@ -200,6 +203,7 @@ - https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ - https://nvd.nist.gov/vuln/detail/CVE-2024-45338 - https://pkg.go.dev/vuln/GO-2024-3333 + - https://ubuntu.com/security/notices/USN-7197-1 - https://www.cve.org/CVERecord?id=CVE-2024-45338 PublishedDate: '2024-12-18T21:15:08.173Z' LastModifiedDate: '2024-12-31T20:16:06.603Z' @@ -295,6 +299,7 @@ - https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ - https://nvd.nist.gov/vuln/detail/CVE-2024-45338 - https://pkg.go.dev/vuln/GO-2024-3333 + - https://ubuntu.com/security/notices/USN-7197-1 - https://www.cve.org/CVERecord?id=CVE-2024-45338 PublishedDate: '2024-12-18T21:15:08.173Z' LastModifiedDate: '2024-12-31T20:16:06.603Z' @@ -390,6 +395,7 @@ - https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ - https://nvd.nist.gov/vuln/detail/CVE-2024-45338 - https://pkg.go.dev/vuln/GO-2024-3333 + - https://ubuntu.com/security/notices/USN-7197-1 - https://www.cve.org/CVERecord?id=CVE-2024-45338 PublishedDate: '2024-12-18T21:15:08.173Z' LastModifiedDate: '2024-12-31T20:16:06.603Z' @@ -522,6 +528,7 @@ - https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ - https://nvd.nist.gov/vuln/detail/CVE-2024-45338 - https://pkg.go.dev/vuln/GO-2024-3333 + - https://ubuntu.com/security/notices/USN-7197-1 - https://www.cve.org/CVERecord?id=CVE-2024-45338 PublishedDate: '2024-12-18T21:15:08.173Z' LastModifiedDate: '2024-12-31T20:16:06.603Z'