dragonheim/gagent
dragonheim/gagent
1
0
Fork 0
mirror of https://github.com/dragonheim/gagent.git synced 2025-04-26 06:58:59 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Started moving to a chainDB for tracking history.

Browse source
This commit is contained in:
James Wells 2021-12-02 05:44:53 -08:00
parent 749bd6557e
commit 458214aaa9
Signed by: jwells
GPG key ID: 73196D10B8E65666
6 changed files with 31 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

24
docs/VULNERABILITIES.md
View file

@ -2,26 +2,30 @@
IGNORED: We are not using the SSH features of golang.org/x/crypto
```
2021-08-30T07:10:13.085-0700 INFO Detected OS: unknown
2021-08-30T07:10:13.085-0700 INFO Number of PL dependency files: 1
2021-08-30T07:10:13.085-0700 INFO Detecting gomod vulnerabilities...
2021-11-13T10:25:13.188-0800 INFO Need to update DB
2021-11-13T10:25:13.188-0800 INFO Downloading DB...
24.70 MiB / 24.70 MiB [----------------------------------------------------------------------------------------------------------------------------------------------------------------------------] 100.00% 6.04 MiB p/s 4s
2021-11-13T10:25:18.570-0800 INFO Detected OS: unknown
2021-11-13T10:25:18.570-0800 INFO Number of PL dependency files: 2
2021-11-13T10:25:18.570-0800 INFO Detecting gobinary vulnerabilities...
2021-11-13T10:25:18.571-0800 INFO Detecting gomod vulnerabilities...
bin/gagent
==========
Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)
go.sum
======
Total: 2 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 2, CRITICAL: 0)
Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0)
+---------------------+------------------+----------+-----------------------------------+------------------------------------+---------------------------------------+
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |
+---------------------+------------------+----------+-----------------------------------+------------------------------------+---------------------------------------+
| golang.org/x/crypto | CVE-2020-29652 | HIGH | 0.0.0-20190426145343-a29dc8fdc734 | v0.0.0-20201216223049-8b5274cf687f | golang: crypto/ssh: crafted |
| golang.org/x/crypto | CVE-2020-29652 | HIGH | 0.0.0-20200622213623-75b288015ac9 | v0.0.0-20201216223049-8b5274cf687f | golang: crypto/ssh: crafted |
| | | | | | authentication request can |
| | | | | | lead to nil pointer dereference |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-29652 |
+ +------------------+ + +------------------------------------+---------------------------------------+
| | CVE-2020-9283 | | | v0.0.0-20200220183623-bac4c82f6975 | golang.org/x/crypto: Processing |
| | | | | | of crafted ssh-ed25519 |
| | | | | | public keys allows for panic |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-9283 |
+---------------------+------------------+----------+-----------------------------------+------------------------------------+---------------------------------------+
```
---