mirror of
https://github.com/dragonheim/gagent.git
synced 2025-04-05 06:12:40 -07:00
30 lines
No EOL
2.5 KiB
Markdown
30 lines
No EOL
2.5 KiB
Markdown
### [Source Code Scan](#source)
|
|
|
|
IGNORED: We are not using the SSH features of golang.org/x/crypto
|
|
```
|
|
2021-08-30T07:10:13.085-0700 INFO Detected OS: unknown
|
|
2021-08-30T07:10:13.085-0700 INFO Number of PL dependency files: 1
|
|
2021-08-30T07:10:13.085-0700 INFO Detecting gomod vulnerabilities...
|
|
|
|
go.sum
|
|
======
|
|
Total: 2 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 2, CRITICAL: 0)
|
|
|
|
+---------------------+------------------+----------+-----------------------------------+------------------------------------+---------------------------------------+
|
|
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |
|
|
+---------------------+------------------+----------+-----------------------------------+------------------------------------+---------------------------------------+
|
|
| golang.org/x/crypto | CVE-2020-29652 | HIGH | 0.0.0-20190426145343-a29dc8fdc734 | v0.0.0-20201216223049-8b5274cf687f | golang: crypto/ssh: crafted |
|
|
| | | | | | authentication request can |
|
|
| | | | | | lead to nil pointer dereference |
|
|
| | | | | | -->avd.aquasec.com/nvd/cve-2020-29652 |
|
|
+ +------------------+ + +------------------------------------+---------------------------------------+
|
|
| | CVE-2020-9283 | | | v0.0.0-20200220183623-bac4c82f6975 | golang.org/x/crypto: Processing |
|
|
| | | | | | of crafted ssh-ed25519 |
|
|
| | | | | | public keys allows for panic |
|
|
| | | | | | -->avd.aquasec.com/nvd/cve-2020-9283 |
|
|
+---------------------+------------------+----------+-----------------------------------+------------------------------------+---------------------------------------+
|
|
```
|
|
---
|
|
### [Image Scan](#image)
|
|
|
|
NONE |