-
-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore(master): release 2.0.12 #62
chore(master): release 2.0.12 #62
Conversation
Outdated🔍 Vulnerabilities of
|
digest | sha256:2215267afb33d93392d8d16b41c461a569bf52a442e5af4c4add1371b73f26e3 |
vulnerabilities | |
platform | linux/amd64 |
size | 54 MB |
packages | 216 |
📦 Base Image alpine:3
also known as |
|
digest | sha256:2c43f33bd1502ec7818bce9eea60e062d04eeadc4aa31cad9dabecb1e48b647b |
vulnerabilities |
cross-spawn
|
Affected range | >=7.0.0 |
Fixed version | 7.0.5 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.045% |
EPSS Percentile | 18th percentile |
Description
Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string.
🔍 Vulnerabilities of
|
digest | sha256:10d483552d27d21c83fbc549472f2c06ed266892bc9354a828e1a5e5d102e27c |
vulnerabilities | |
platform | linux/amd64 |
size | 63 MB |
packages | 235 |
📦 Base Image alpine:3
also known as |
|
digest | sha256:2c43f33bd1502ec7818bce9eea60e062d04eeadc4aa31cad9dabecb1e48b647b |
vulnerabilities |
cross-spawn
|
Affected range | >=7.0.0 |
Fixed version | 7.0.5 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.045% |
EPSS Percentile | 18th percentile |
Description
Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string.
Recommended fixes for image
|
Name | 3.21.0 |
Digest | sha256:2c43f33bd1502ec7818bce9eea60e062d04eeadc4aa31cad9dabecb1e48b647b |
Vulnerabilities | |
Pushed | 1 week ago |
Size | 3.6 MB |
Packages | 19 |
OS | 3.21.0 |
The base image is also available under the supported tag(s):3.21
,3.21.0
,latest
Refresh base image
Rebuild the image using a newer base image version. Updating this may result in breaking changes.✅ This image version is up to date.
Change base image
✅ There are no tag recommendations at this time.
🤖 Created releases:
|
🤖 I have created a release beep boop
2.0.12 (2024-12-16)
Dependencies
This PR was generated with Release Please. See documentation.