mirror of
https://github.com/dragonheim/gagent.git
synced 2025-02-23 10:29:54 -08:00
2.5 KiB
2.5 KiB
Source Code Scan
IGNORED: We are not using the SSH features of golang.org/x/crypto
2021-08-30T07:10:13.085-0700 INFO Detected OS: unknown
2021-08-30T07:10:13.085-0700 INFO Number of PL dependency files: 1
2021-08-30T07:10:13.085-0700 INFO Detecting gomod vulnerabilities...
go.sum
======
Total: 2 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 2, CRITICAL: 0)
+---------------------+------------------+----------+-----------------------------------+------------------------------------+---------------------------------------+
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |
+---------------------+------------------+----------+-----------------------------------+------------------------------------+---------------------------------------+
| golang.org/x/crypto | CVE-2020-29652 | HIGH | 0.0.0-20190426145343-a29dc8fdc734 | v0.0.0-20201216223049-8b5274cf687f | golang: crypto/ssh: crafted |
| | | | | | authentication request can |
| | | | | | lead to nil pointer dereference |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-29652 |
+ +------------------+ + +------------------------------------+---------------------------------------+
| | CVE-2020-9283 | | | v0.0.0-20200220183623-bac4c82f6975 | golang.org/x/crypto: Processing |
| | | | | | of crafted ssh-ed25519 |
| | | | | | public keys allows for panic |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-9283 |
+---------------------+------------------+----------+-----------------------------------+------------------------------------+---------------------------------------+
Image Scan
NONE