We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Describe the bug:
Running a security scan such as Trivy on the latest released version reported several CVEs:
$ trivy --version Version: 0.51.1 $ trivy image --vuln-type library zilliz/attu:v2.3.10 ... Node.js (node-pkg) Total: 2 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 1) ┌───────────────────────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────┐ │ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │ ├───────────────────────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────┤ │ protobufjs (package.json) │ CVE-2023-36665 │ CRITICAL │ fixed │ 7.2.4 │ 7.2.5, 6.11.4 │ protobufjs: prototype pollution using user-controlled │ │ │ │ │ │ │ │ protobuf message │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-36665 │ ├───────────────────────────┼────────────────┼──────────┤ ├───────────────────┼───────────────┼──────────────────────────────────────────────────────────┤ │ tar (package.json) │ CVE-2024-28863 │ MEDIUM │ │ 6.2.0 │ 6.2.1 │ node-tar is a Tar for Node.js. node-tar prior to version │ │ │ │ │ │ │ │ 6.2.1 has... │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-28863 │ └───────────────────────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────┘
Could you please confirm whether this vulnerabilities affect attu and if so, if there are any plan to update the affected depencencies?
Steps to reproduce:
Attu version:
v2.3.10
The text was updated successfully, but these errors were encountered:
Some CVEs were already reported in #221
Sorry, something went wrong.
https://github.com/zilliztech/attu/releases/tag/v2.4.0
v2.4.0 has been released.
No branches or pull requests
Describe the bug:
Running a security scan such as Trivy on the latest released version reported several CVEs:
Could you please confirm whether this vulnerabilities affect attu and if so, if there are any plan to update the affected depencencies?
Steps to reproduce:
Attu version:
v2.3.10
The text was updated successfully, but these errors were encountered: