fix(trivy-to-vuls): remove cvss/severity duplicates, list all severities #1929
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
setup$ docker build -t test-cve-2013-1629-cve-2023-26154 -f ./Dockerfile .
$ trivy -q image -f=json --scanners vuln test-cve-2013-1629-cve-2023-26154 > test-cve-2013-1629-cve-2023-26154.jsonbefore$ cat test-cve-2013-1629-cve-2023-26154.json | trivy-to-vuls parse -s | jq '.scannedCves["CVE-2013-1629","CVE-2023-26154"]'after$ cat test-cve-2013-1629-cve-2023-26154.json | trivy-to-vuls parse -s | jq '.scannedCves["CVE-2013-1629","CVE-2023-26154"]' |
|
Lines 83 to 84 in dccdd8a config.toml [servers]
[servers.pseudo]
type = "pseudo"
lockfiles = ["Cargo.lock", "composer.lock"]master: dccdd8a $ vuls scan
$ vuls report
[May 21 17:49:09] INFO [localhost] vuls-v0.25.4-build-20240521_174617_dccdd8a
...
$ cat results/2024-05-21T17-49-09+0900/pseudo.json | jq .scannedCves
{
"CVE-2023-26154": {
"cveID": "CVE-2023-26154",
"confidences": [
{
"score": 100,
"detectionMethod": "TrivyMatch"
}
],
"cveContents": {
"trivy:ghsa": [
{
"type": "trivy:ghsa",
"cveID": "CVE-2023-26154",
"title": "pubnub Insufficient Entropy vulnerability",
"summary": "Versions of the package pubnub before 7.4.0; all versions of the package com.pubnub:pubnub; versions of the package pubnub before 6.19.0; all versions of the package github.com/pubnub/go; versions of the package github.com/pubnub/go/v7 before 7.2.0; versions of the package pubnub before 7.3.0; versions of the package pubnub/pubnub before 6.1.0; versions of the package pubnub before 5.3.0; versions of the package pubnub before 0.4.0; versions of the package pubnub/c-core before 4.5.0; versions of the package com.pubnub:pubnub-kotlin before 7.7.0; versions of the package pubnub/swift before 6.2.0; versions of the package pubnub before 5.2.0; versions of the package pubnub before 4.3.0 are vulnerable to Insufficient Entropy via the getKey function, due to inefficient implementation of the AES-256-CBC cryptographic algorithm. The provided encrypt function is less secure when hex encoding and trimming are applied, leaving half of the bits in the key always the same for every encoded message or file.\r\r**Note:**\r\rIn order to exploit this vulnerability, the attacker needs to invest resources in preparing the attack and brute-force the encryption.",
"cvss2Score": 0,
"cvss2Vector": "",
"cvss2Severity": "",
"cvss3Score": 5.9,
"cvss3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"cvss3Severity": "",
"sourceLink": "",
"references": [
{
"link": "https://gist.github.com/vargad/20237094fce7a0a28f0723d7ce395bb0",
"source": "trivy"
},
{
"link": "https://github.com/advisories/GHSA-5844-q3fc-56rh",
"source": "trivy"
},
{
"link": "https://github.com/pubnub/go/commit/428517fef5b901db7275d9f5a75eda89a4c28e08",
"source": "trivy"
},
{
"link": "https://github.com/pubnub/javascript",
"source": "trivy"
},
{
"link": "https://github.com/pubnub/javascript/blob/master/src/crypto/modules/web.js#L70",
"source": "trivy"
},
{
"link": "https://github.com/pubnub/javascript/blob/master/src/crypto/modules/web.js%23L70",
"source": "trivy"
},
{
"link": "https://github.com/pubnub/javascript/commit/fb6cd0417cbb4ba87ea2d5d86a9c94774447e119",
"source": "trivy"
},
{
"link": "https://github.com/pubnub/ruby/releases/tag/v5.3.0",
"source": "trivy"
},
{
"link": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/pubnub/CVE-2023-26154.yml",
"source": "trivy"
},
{
"link": "https://nvd.nist.gov/vuln/detail/CVE-2023-26154",
"source": "trivy"
},
{
"link": "https://security.snyk.io/vuln/SNYK-COCOAPODS-PUBNUB-6098384",
"source": "trivy"
},
{
"link": "https://security.snyk.io/vuln/SNYK-DOTNET-PUBNUB-6098372",
"source": "trivy"
},
{
"link": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMPUBNUBGO-6098373",
"source": "trivy"
},
{
"link": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMPUBNUBGOV7-6098374",
"source": "trivy"
},
{
"link": "https://security.snyk.io/vuln/SNYK-JAVA-COMPUBNUB-6098371",
"source": "trivy"
},
{
"link": "https://security.snyk.io/vuln/SNYK-JAVA-COMPUBNUB-6098380",
"source": "trivy"
},
{
"link": "https://security.snyk.io/vuln/SNYK-JS-PUBNUB-5840690",
"source": "trivy"
},
{
"link": "https://security.snyk.io/vuln/SNYK-PHP-PUBNUBPUBNUB-6098376",
"source": "trivy"
},
{
"link": "https://security.snyk.io/vuln/SNYK-PUB-PUBNUB-6098385",
"source": "trivy"
},
{
"link": "https://security.snyk.io/vuln/SNYK-PYTHON-PUBNUB-6098375",
"source": "trivy"
},
{
"link": "https://security.snyk.io/vuln/SNYK-RUBY-PUBNUB-6098377",
"source": "trivy"
},
{
"link": "https://security.snyk.io/vuln/SNYK-RUST-PUBNUB-6098378",
"source": "trivy"
},
{
"link": "https://security.snyk.io/vuln/SNYK-SWIFT-PUBNUBSWIFT-6098381",
"source": "trivy"
},
{
"link": "https://security.snyk.io/vuln/SNYK-UNMANAGED-PUBNUBCCORE-6098379",
"source": "trivy"
}
],
"published": "2023-12-06T05:15:10.437Z",
"lastModified": "2023-12-11T17:48:03.653Z"
},
{
"type": "trivy:ghsa",
"cveID": "CVE-2023-26154",
"title": "pubnub Insufficient Entropy vulnerability",
"summary": "Versions of the package pubnub before 7.4.0; all versions of the package com.pubnub:pubnub; versions of the package pubnub before 6.19.0; all versions of the package github.com/pubnub/go; versions of the package github.com/pubnub/go/v7 before 7.2.0; versions of the package pubnub before 7.3.0; versions of the package pubnub/pubnub before 6.1.0; versions of the package pubnub before 5.3.0; versions of the package pubnub before 0.4.0; versions of the package pubnub/c-core before 4.5.0; versions of the package com.pubnub:pubnub-kotlin before 7.7.0; versions of the package pubnub/swift before 6.2.0; versions of the package pubnub before 5.2.0; versions of the package pubnub before 4.3.0 are vulnerable to Insufficient Entropy via the getKey function, due to inefficient implementation of the AES-256-CBC cryptographic algorithm. The provided encrypt function is less secure when hex encoding and trimming are applied, leaving half of the bits in the key always the same for every encoded message or file.\r\r**Note:**\r\rIn order to exploit this vulnerability, the attacker needs to invest resources in preparing the attack and brute-force the encryption.",
"cvss2Score": 0,
"cvss2Vector": "",
"cvss2Severity": "",
"cvss3Score": 0,
"cvss3Vector": "",
"cvss3Severity": "MEDIUM",
"sourceLink": "",
"references": [
{
"link": "https://gist.github.com/vargad/20237094fce7a0a28f0723d7ce395bb0",
"source": "trivy"
},
{
"link": "https://github.com/advisories/GHSA-5844-q3fc-56rh",
"source": "trivy"
},
{
"link": "https://github.com/pubnub/go/commit/428517fef5b901db7275d9f5a75eda89a4c28e08",
"source": "trivy"
},
{
"link": "https://github.com/pubnub/javascript",
"source": "trivy"
},
{
"link": "https://github.com/pubnub/javascript/blob/master/src/crypto/modules/web.js#L70",
"source": "trivy"
},
{
"link": "https://github.com/pubnub/javascript/blob/master/src/crypto/modules/web.js%23L70",
"source": "trivy"
},
{
"link": "https://github.com/pubnub/javascript/commit/fb6cd0417cbb4ba87ea2d5d86a9c94774447e119",
"source": "trivy"
},
{
"link": "https://github.com/pubnub/ruby/releases/tag/v5.3.0",
"source": "trivy"
},
{
"link": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/pubnub/CVE-2023-26154.yml",
"source": "trivy"
},
{
"link": "https://nvd.nist.gov/vuln/detail/CVE-2023-26154",
"source": "trivy"
},
{
"link": "https://security.snyk.io/vuln/SNYK-COCOAPODS-PUBNUB-6098384",
"source": "trivy"
},
{
"link": "https://security.snyk.io/vuln/SNYK-DOTNET-PUBNUB-6098372",
"source": "trivy"
},
{
"link": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMPUBNUBGO-6098373",
"source": "trivy"
},
{
"link": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMPUBNUBGOV7-6098374",
"source": "trivy"
},
{
"link": "https://security.snyk.io/vuln/SNYK-JAVA-COMPUBNUB-6098371",
"source": "trivy"
},
{
"link": "https://security.snyk.io/vuln/SNYK-JAVA-COMPUBNUB-6098380",
"source": "trivy"
},
{
"link": "https://security.snyk.io/vuln/SNYK-JS-PUBNUB-5840690",
"source": "trivy"
},
{
"link": "https://security.snyk.io/vuln/SNYK-PHP-PUBNUBPUBNUB-6098376",
"source": "trivy"
},
{
"link": "https://security.snyk.io/vuln/SNYK-PUB-PUBNUB-6098385",
"source": "trivy"
},
{
"link": "https://security.snyk.io/vuln/SNYK-PYTHON-PUBNUB-6098375",
"source": "trivy"
},
{
"link": "https://security.snyk.io/vuln/SNYK-RUBY-PUBNUB-6098377",
"source": "trivy"
},
{
"link": "https://security.snyk.io/vuln/SNYK-RUST-PUBNUB-6098378",
"source": "trivy"
},
{
"link": "https://security.snyk.io/vuln/SNYK-SWIFT-PUBNUBSWIFT-6098381",
"source": "trivy"
},
{
"link": "https://security.snyk.io/vuln/SNYK-UNMANAGED-PUBNUBCCORE-6098379",
"source": "trivy"
}
],
"published": "2023-12-06T05:15:10.437Z",
"lastModified": "2023-12-11T17:48:03.653Z"
}
],
"trivy:nvd": [
{
"type": "trivy:nvd",
"cveID": "CVE-2023-26154",
"title": "pubnub Insufficient Entropy vulnerability",
"summary": "Versions of the package pubnub before 7.4.0; all versions of the package com.pubnub:pubnub; versions of the package pubnub before 6.19.0; all versions of the package github.com/pubnub/go; versions of the package github.com/pubnub/go/v7 before 7.2.0; versions of the package pubnub before 7.3.0; versions of the package pubnub/pubnub before 6.1.0; versions of the package pubnub before 5.3.0; versions of the package pubnub before 0.4.0; versions of the package pubnub/c-core before 4.5.0; versions of the package com.pubnub:pubnub-kotlin before 7.7.0; versions of the package pubnub/swift before 6.2.0; versions of the package pubnub before 5.2.0; versions of the package pubnub before 4.3.0 are vulnerable to Insufficient Entropy via the getKey function, due to inefficient implementation of the AES-256-CBC cryptographic algorithm. The provided encrypt function is less secure when hex encoding and trimming are applied, leaving half of the bits in the key always the same for every encoded message or file.\r\r**Note:**\r\rIn order to exploit this vulnerability, the attacker needs to invest resources in preparing the attack and brute-force the encryption.",
"cvss2Score": 0,
"cvss2Vector": "",
"cvss2Severity": "",
"cvss3Score": 5.9,
"cvss3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"cvss3Severity": "",
"sourceLink": "",
"references": [
{
"link": "https://gist.github.com/vargad/20237094fce7a0a28f0723d7ce395bb0",
"source": "trivy"
},
{
"link": "https://github.com/advisories/GHSA-5844-q3fc-56rh",
"source": "trivy"
},
{
"link": "https://github.com/pubnub/go/commit/428517fef5b901db7275d9f5a75eda89a4c28e08",
"source": "trivy"
},
{
"link": "https://github.com/pubnub/javascript",
"source": "trivy"
},
{
"link": "https://github.com/pubnub/javascript/blob/master/src/crypto/modules/web.js#L70",
"source": "trivy"
},
{
"link": "https://github.com/pubnub/javascript/blob/master/src/crypto/modules/web.js%23L70",
"source": "trivy"
},
{
"link": "https://github.com/pubnub/javascript/commit/fb6cd0417cbb4ba87ea2d5d86a9c94774447e119",
"source": "trivy"
},
{
"link": "https://github.com/pubnub/ruby/releases/tag/v5.3.0",
"source": "trivy"
},
{
"link": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/pubnub/CVE-2023-26154.yml",
"source": "trivy"
},
{
"link": "https://nvd.nist.gov/vuln/detail/CVE-2023-26154",
"source": "trivy"
},
{
"link": "https://security.snyk.io/vuln/SNYK-COCOAPODS-PUBNUB-6098384",
"source": "trivy"
},
{
"link": "https://security.snyk.io/vuln/SNYK-DOTNET-PUBNUB-6098372",
"source": "trivy"
},
{
"link": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMPUBNUBGO-6098373",
"source": "trivy"
},
{
"link": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMPUBNUBGOV7-6098374",
"source": "trivy"
},
{
"link": "https://security.snyk.io/vuln/SNYK-JAVA-COMPUBNUB-6098371",
"source": "trivy"
},
{
"link": "https://security.snyk.io/vuln/SNYK-JAVA-COMPUBNUB-6098380",
"source": "trivy"
},
{
"link": "https://security.snyk.io/vuln/SNYK-JS-PUBNUB-5840690",
"source": "trivy"
},
{
"link": "https://security.snyk.io/vuln/SNYK-PHP-PUBNUBPUBNUB-6098376",
"source": "trivy"
},
{
"link": "https://security.snyk.io/vuln/SNYK-PUB-PUBNUB-6098385",
"source": "trivy"
},
{
"link": "https://security.snyk.io/vuln/SNYK-PYTHON-PUBNUB-6098375",
"source": "trivy"
},
{
"link": "https://security.snyk.io/vuln/SNYK-RUBY-PUBNUB-6098377",
"source": "trivy"
},
{
"link": "https://security.snyk.io/vuln/SNYK-RUST-PUBNUB-6098378",
"source": "trivy"
},
{
"link": "https://security.snyk.io/vuln/SNYK-SWIFT-PUBNUBSWIFT-6098381",
"source": "trivy"
},
{
"link": "https://security.snyk.io/vuln/SNYK-UNMANAGED-PUBNUBCCORE-6098379",
"source": "trivy"
}
],
"published": "2023-12-06T05:15:10.437Z",
"lastModified": "2023-12-11T17:48:03.653Z"
},
{
"type": "trivy:nvd",
"cveID": "CVE-2023-26154",
"title": "pubnub Insufficient Entropy vulnerability",
"summary": "Versions of the package pubnub before 7.4.0; all versions of the package com.pubnub:pubnub; versions of the package pubnub before 6.19.0; all versions of the package github.com/pubnub/go; versions of the package github.com/pubnub/go/v7 before 7.2.0; versions of the package pubnub before 7.3.0; versions of the package pubnub/pubnub before 6.1.0; versions of the package pubnub before 5.3.0; versions of the package pubnub before 0.4.0; versions of the package pubnub/c-core before 4.5.0; versions of the package com.pubnub:pubnub-kotlin before 7.7.0; versions of the package pubnub/swift before 6.2.0; versions of the package pubnub before 5.2.0; versions of the package pubnub before 4.3.0 are vulnerable to Insufficient Entropy via the getKey function, due to inefficient implementation of the AES-256-CBC cryptographic algorithm. The provided encrypt function is less secure when hex encoding and trimming are applied, leaving half of the bits in the key always the same for every encoded message or file.\r\r**Note:**\r\rIn order to exploit this vulnerability, the attacker needs to invest resources in preparing the attack and brute-force the encryption.",
"cvss2Score": 0,
"cvss2Vector": "",
"cvss2Severity": "",
"cvss3Score": 0,
"cvss3Vector": "",
"cvss3Severity": "MEDIUM",
"sourceLink": "",
"references": [
{
"link": "https://gist.github.com/vargad/20237094fce7a0a28f0723d7ce395bb0",
"source": "trivy"
},
{
"link": "https://github.com/advisories/GHSA-5844-q3fc-56rh",
"source": "trivy"
},
{
"link": "https://github.com/pubnub/go/commit/428517fef5b901db7275d9f5a75eda89a4c28e08",
"source": "trivy"
},
{
"link": "https://github.com/pubnub/javascript",
"source": "trivy"
},
{
"link": "https://github.com/pubnub/javascript/blob/master/src/crypto/modules/web.js#L70",
"source": "trivy"
},
{
"link": "https://github.com/pubnub/javascript/blob/master/src/crypto/modules/web.js%23L70",
"source": "trivy"
},
{
"link": "https://github.com/pubnub/javascript/commit/fb6cd0417cbb4ba87ea2d5d86a9c94774447e119",
"source": "trivy"
},
{
"link": "https://github.com/pubnub/ruby/releases/tag/v5.3.0",
"source": "trivy"
},
{
"link": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/pubnub/CVE-2023-26154.yml",
"source": "trivy"
},
{
"link": "https://nvd.nist.gov/vuln/detail/CVE-2023-26154",
"source": "trivy"
},
{
"link": "https://security.snyk.io/vuln/SNYK-COCOAPODS-PUBNUB-6098384",
"source": "trivy"
},
{
"link": "https://security.snyk.io/vuln/SNYK-DOTNET-PUBNUB-6098372",
"source": "trivy"
},
{
"link": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMPUBNUBGO-6098373",
"source": "trivy"
},
{
"link": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMPUBNUBGOV7-6098374",
"source": "trivy"
},
{
"link": "https://security.snyk.io/vuln/SNYK-JAVA-COMPUBNUB-6098371",
"source": "trivy"
},
{
"link": "https://security.snyk.io/vuln/SNYK-JAVA-COMPUBNUB-6098380",
"source": "trivy"
},
{
"link": "https://security.snyk.io/vuln/SNYK-JS-PUBNUB-5840690",
"source": "trivy"
},
{
"link": "https://security.snyk.io/vuln/SNYK-PHP-PUBNUBPUBNUB-6098376",
"source": "trivy"
},
{
"link": "https://security.snyk.io/vuln/SNYK-PUB-PUBNUB-6098385",
"source": "trivy"
},
{
"link": "https://security.snyk.io/vuln/SNYK-PYTHON-PUBNUB-6098375",
"source": "trivy"
},
{
"link": "https://security.snyk.io/vuln/SNYK-RUBY-PUBNUB-6098377",
"source": "trivy"
},
{
"link": "https://security.snyk.io/vuln/SNYK-RUST-PUBNUB-6098378",
"source": "trivy"
},
{
"link": "https://security.snyk.io/vuln/SNYK-SWIFT-PUBNUBSWIFT-6098381",
"source": "trivy"
},
{
"link": "https://security.snyk.io/vuln/SNYK-UNMANAGED-PUBNUBCCORE-6098379",
"source": "trivy"
}
],
"published": "2023-12-06T05:15:10.437Z",
"lastModified": "2023-12-11T17:48:03.653Z"
}
],
"trivy:ruby-advisory-db": [
{
"type": "trivy:ruby-advisory-db",
"cveID": "CVE-2023-26154",
"title": "pubnub Insufficient Entropy vulnerability",
"summary": "Versions of the package pubnub before 7.4.0; all versions of the package com.pubnub:pubnub; versions of the package pubnub before 6.19.0; all versions of the package github.com/pubnub/go; versions of the package github.com/pubnub/go/v7 before 7.2.0; versions of the package pubnub before 7.3.0; versions of the package pubnub/pubnub before 6.1.0; versions of the package pubnub before 5.3.0; versions of the package pubnub before 0.4.0; versions of the package pubnub/c-core before 4.5.0; versions of the package com.pubnub:pubnub-kotlin before 7.7.0; versions of the package pubnub/swift before 6.2.0; versions of the package pubnub before 5.2.0; versions of the package pubnub before 4.3.0 are vulnerable to Insufficient Entropy via the getKey function, due to inefficient implementation of the AES-256-CBC cryptographic algorithm. The provided encrypt function is less secure when hex encoding and trimming are applied, leaving half of the bits in the key always the same for every encoded message or file.\r\r**Note:**\r\rIn order to exploit this vulnerability, the attacker needs to invest resources in preparing the attack and brute-force the encryption.",
"cvss2Score": 0,
"cvss2Vector": "",
"cvss2Severity": "",
"cvss3Score": 0,
"cvss3Vector": "",
"cvss3Severity": "MEDIUM",
"sourceLink": "",
"references": [
{
"link": "https://gist.github.com/vargad/20237094fce7a0a28f0723d7ce395bb0",
"source": "trivy"
},
{
"link": "https://github.com/advisories/GHSA-5844-q3fc-56rh",
"source": "trivy"
},
{
"link": "https://github.com/pubnub/go/commit/428517fef5b901db7275d9f5a75eda89a4c28e08",
"source": "trivy"
},
{
"link": "https://github.com/pubnub/javascript",
"source": "trivy"
},
{
"link": "https://github.com/pubnub/javascript/blob/master/src/crypto/modules/web.js#L70",
"source": "trivy"
},
{
"link": "https://github.com/pubnub/javascript/blob/master/src/crypto/modules/web.js%23L70",
"source": "trivy"
},
{
"link": "https://github.com/pubnub/javascript/commit/fb6cd0417cbb4ba87ea2d5d86a9c94774447e119",
"source": "trivy"
},
{
"link": "https://github.com/pubnub/ruby/releases/tag/v5.3.0",
"source": "trivy"
},
{
"link": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/pubnub/CVE-2023-26154.yml",
"source": "trivy"
},
{
"link": "https://nvd.nist.gov/vuln/detail/CVE-2023-26154",
"source": "trivy"
},
{
"link": "https://security.snyk.io/vuln/SNYK-COCOAPODS-PUBNUB-6098384",
"source": "trivy"
},
{
"link": "https://security.snyk.io/vuln/SNYK-DOTNET-PUBNUB-6098372",
"source": "trivy"
},
{
"link": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMPUBNUBGO-6098373",
"source": "trivy"
},
{
"link": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMPUBNUBGOV7-6098374",
"source": "trivy"
},
{
"link": "https://security.snyk.io/vuln/SNYK-JAVA-COMPUBNUB-6098371",
"source": "trivy"
},
{
"link": "https://security.snyk.io/vuln/SNYK-JAVA-COMPUBNUB-6098380",
"source": "trivy"
},
{
"link": "https://security.snyk.io/vuln/SNYK-JS-PUBNUB-5840690",
"source": "trivy"
},
{
"link": "https://security.snyk.io/vuln/SNYK-PHP-PUBNUBPUBNUB-6098376",
"source": "trivy"
},
{
"link": "https://security.snyk.io/vuln/SNYK-PUB-PUBNUB-6098385",
"source": "trivy"
},
{
"link": "https://security.snyk.io/vuln/SNYK-PYTHON-PUBNUB-6098375",
"source": "trivy"
},
{
"link": "https://security.snyk.io/vuln/SNYK-RUBY-PUBNUB-6098377",
"source": "trivy"
},
{
"link": "https://security.snyk.io/vuln/SNYK-RUST-PUBNUB-6098378",
"source": "trivy"
},
{
"link": "https://security.snyk.io/vuln/SNYK-SWIFT-PUBNUBSWIFT-6098381",
"source": "trivy"
},
{
"link": "https://security.snyk.io/vuln/SNYK-UNMANAGED-PUBNUBCCORE-6098379",
"source": "trivy"
}
],
"published": "2023-12-06T05:15:10.437Z",
"lastModified": "2023-12-11T17:48:03.653Z"
}
]
},
"alertDict": {
"cisa": null,
"jpcert": null,
"uscert": null
},
"libraryFixedIns": [
{
"key": "rust",
"name": "pubnub",
"fixedIn": "0.4.0",
"path": "home/mainek00n/Downloads/test/Cargo.lock"
},
{
"key": "php",
"name": "pubnub/pubnub",
"fixedIn": "6.1.0",
"path": "home/mainek00n/Downloads/test/composer.lock"
}
]
}
}
|
MaineK00n
force-pushed
the
MaineK00n/trivy-cvecontents
branch
from
4e2281e to
3b5ac11
Compare
|
Could you please fill out before/after at the comment #1929 (comment) ? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
If this Pull Request is work in progress, Add a prefix of “[WIP]” in the title.
What did you implement:
Fixes #1924
Type of change
How Has This Been Tested?
unit test
Checklist:
You don't have to satisfy all of the following.
make fmtmake testIs this ready for review?: YES
Reference