You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Would it be possible to get a new build of the image mcelep/opa_scorecard_exporter to address the vulnerabilities below?
Snyk output:
Organization: ***
Package manager: deb
Project name: docker-image|mcelep/opa_scorecard_exporter
Docker image: mcelep/opa_scorecard_exporter
Platform: linux/amd64
Licenses: enabled
✔ Tested 3 dependencies for known issues, no vulnerable paths found.
Debian 10 is no longer supported by the Debian maintainers. Vulnerability detection may be affected by a lack of security updates.
-------------------------------------------------------
Testing mcelep/opa_scorecard_exporter...
✗ Medium severity vulnerability found in golang.org/x/sys/unix
Description: Incorrect Privilege Assignment
Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXSYSUNIX-3310442
Introduced through: golang.org/x/sys/[email protected]
From: golang.org/x/sys/[email protected]
Fixed in: 0.1.0
✗ Medium severity vulnerability found in golang.org/x/net/http2
Description: Denial of Service (DoS)
Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-3160322
Introduced through: golang.org/x/net/[email protected]
From: golang.org/x/net/[email protected]
Fixed in: 0.4.0
✗ Medium severity vulnerability found in golang.org/x/net/http/httpguts
Description: Denial of Service (DoS)
Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTPHTTPGUTS-3314986
Introduced through: golang.org/x/net/http/[email protected]
From: golang.org/x/net/http/[email protected]
Fixed in: 0.0.0-20210428140749-89ef3d95e781
✗ High severity vulnerability found in k8s.io/apimachinery/pkg/util/runtime
Description: Denial of Service (DoS)
Info: https://security.snyk.io/vuln/SNYK-GOLANG-K8SIOAPIMACHINERYPKGUTILRUNTIME-8367153
Introduced through: k8s.io/apimachinery/pkg/util/[email protected]
From: k8s.io/apimachinery/pkg/util/[email protected]
Fixed in: 0.29.0-alpha.3, 1.29.0-alpha.3
✗ High severity vulnerability found in gopkg.in/yaml.v3
Description: Denial of Service (DoS)
Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOPKGINYAMLV3-2841557
Introduced through: gopkg.in/[email protected]
From: gopkg.in/[email protected]
Fixed in: 3.0.0
✗ High severity vulnerability found in gopkg.in/yaml.v3
Description: NULL Pointer Dereference
Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOPKGINYAMLV3-2952714
Introduced through: gopkg.in/[email protected]
From: gopkg.in/[email protected]
Fixed in: 3.0.1
✗ High severity vulnerability found in golang.org/x/net/http2/hpack
Description: Denial of Service (DoS)
Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2HPACK-3358253
Introduced through: golang.org/x/net/http2/[email protected]
From: golang.org/x/net/http2/[email protected]
Fixed in: 0.7.0
✗ High severity vulnerability found in golang.org/x/net/http2
Description: Denial of Service (DoS)
Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-2313688
Introduced through: golang.org/x/net/[email protected]
From: golang.org/x/net/[email protected]
Fixed in: 0.0.0-20211209124913-491a49abca63
✗ High severity vulnerability found in golang.org/x/net/http2
Description: Denial of Service
Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-3028257
Introduced through: golang.org/x/net/[email protected]
From: golang.org/x/net/[email protected]
Fixed in: 0.0.0-20220906165146-f3363e06e74c, 1.18.6, 1.19.1
✗ High severity vulnerability found in golang.org/x/net/http2
Description: Denial of Service (DoS)
Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-3323837
Introduced through: golang.org/x/net/[email protected]
From: golang.org/x/net/[email protected]
Fixed in: 0.7.0
✗ High severity vulnerability found in golang.org/x/net/http2
Description: Denial of Service (DoS)
Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-5953327
Introduced through: golang.org/x/net/[email protected]
From: golang.org/x/net/[email protected]
Fixed in: 0.17.0
✗ High severity vulnerability found in golang.org/x/net/http2
Description: Allocation of Resources Without Limits or Throttling
Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-5958903
Introduced through: golang.org/x/net/[email protected]
From: golang.org/x/net/[email protected]
Fixed in: 0.17.0
✗ High severity vulnerability found in golang.org/x/net/http2
Description: Allocation of Resources Without Limits or Throttling
Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-6531285
Introduced through: golang.org/x/net/[email protected]
From: golang.org/x/net/[email protected]
Fixed in: 0.23.0
✗ High severity vulnerability found in github.com/prometheus/client_golang/prometheus/promhttp
Description: Denial of Service (DoS)
Info: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMPROMETHEUSCLIENTGOLANGPROMETHEUSPROMHTTP-2401819
Introduced through: github.com/prometheus/client_golang/prometheus/[email protected]
From: github.com/prometheus/client_golang/prometheus/[email protected]
Fixed in: 1.11.1
Organization: ***
Package manager: gomodules
Target file: /app/opa_scorecard_exporter
Project name: github.com/mcelep/opa_scorecard_exporter
Docker image: mcelep/opa_scorecard_exporter
Licenses: enabled
Tested 231 dependencies for known issues, found 14 issues.```
The text was updated successfully, but these errors were encountered:
Would it be possible to get a new build of the image mcelep/opa_scorecard_exporter to address the vulnerabilities below?
Snyk output:
The text was updated successfully, but these errors were encountered: