Skip to content

Release 2.0.0

Release 2.0.0 #35

GitHub Actions / node-red:3.1.x-main-linux-arm64 scan results succeeded Jan 18, 2024 in 0s

3 fail in 0s

3 tests  ±0   0 ✅ ±0   0s ⏱️ ±0s
2 suites ±0   0 💤 ±0 
1 files   ±0   3 ❌ ±0 

Results for commit ee51b54. ± Comparison against earlier commit defcf43.

Annotations

Check warning on line 0 in libcrypto3-3.1.4-r3

See this annotation in the file changed.

@github-actions github-actions / node-red:3.1.x-main-linux-arm64 scan results

[MEDIUM] CVE-2023-6237 (libcrypto3-3.1.4-r3) failed

trivy-junit-results.xml
Raw output
openssl: Excessive time spent checking invalid RSA public keys
A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.

Check warning on line 0 in libssl3-3.1.4-r3

See this annotation in the file changed.

@github-actions github-actions / node-red:3.1.x-main-linux-arm64 scan results

[MEDIUM] CVE-2023-6237 (libssl3-3.1.4-r3) failed

trivy-junit-results.xml
Raw output
openssl: Excessive time spent checking invalid RSA public keys
A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.

Check warning on line 0 in openssl-3.1.4-r3

See this annotation in the file changed.

@github-actions github-actions / node-red:3.1.x-main-linux-arm64 scan results

[MEDIUM] CVE-2023-6237 (openssl-3.1.4-r3) failed

trivy-junit-results.xml
Raw output
openssl: Excessive time spent checking invalid RSA public keys
A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.