If this issue was unresolved, our CI wouldn't be passed fully.

Sorry for the bad news.

kubespheredev/ks-jenkins:pr-78 (debian 11.2)
============================================
Total: 0 (HIGH: 0, CRITICAL: 0)


Java (jar)
==========
Total: 0 (HIGH: 0, CRITICAL: 0)


usr/local/bin/git-lfs (gobinary)
================================
Total: 1 (HIGH: 1, CRITICAL: 0)

+---------------------+------------------+----------+------------------------------------+------------------------------------+---------------------------------------+
|       LIBRARY       | VULNERABILITY ID | SEVERITY |         INSTALLED VERSION          |           FIXED VERSION            |                 TITLE                 |
+---------------------+------------------+----------+------------------------------------+------------------------------------+---------------------------------------+
| golang.org/x/crypto | CVE-2020-29652   | HIGH     | v0.0.0-20201112155050-0c6587e931a9 | v0.0.0-20201216223049-8b5274cf687f | golang: crypto/ssh: crafted           |
|                     |                  |          |                                    |                                    | authentication request can            |
|                     |                  |          |                                    |                                    | lead to nil pointer dereference       |
|                     |                  |          |                                    |                                    | -->avd.aquasec.com/nvd/cve-2020-29652 |
+---------------------+------------------+----------+------------------------------------+------------------------------------+---------------------------------------+

Security issue CVE-2020-29652 from git-lfs 3.0.2 #60

Description

Metadata

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Issue actions