CVE(s) found #2247

github-actions · 2024-08-12T02:20:38Z

Latest buildpacksio/pack v0.35.1 triggered CVE(s) from Grype. For further details, see: https://github.com/buildpacks/pack/actions/runs/10344879230

natalieparellano · 2024-08-13T19:03:15Z

The scan found 4 CVEs, the first two are false positives and should be addressed by #2250.

The second two (CVE-2024-41110, GHSA-v23v-6jw2-98fq) appear to be the same vulnerability and are non-impactful as pack uses only the docker client library. We can probably silence these with a dependency bump, so I didn't add it to the ignore file.

jjbustamante · 2024-09-19T01:21:38Z

@natalieparellano I think this one will be solved with #2246

github-actions bot added cve status/triage Issue or PR that requires contributor attention. type/bug Issue that reports an unexpected behaviour. labels Aug 12, 2024

natalieparellano added status/ready Issue ready to be worked on. and removed status/triage Issue or PR that requires contributor attention. labels Aug 15, 2024

natalieparellano added this to the 0.36.0 milestone Aug 15, 2024

jjbustamante mentioned this issue Sep 19, 2024

build(deps): bump github.com/docker/docker from 26.1.4+incompatible to 26.1.5+incompatible #2246

Merged

jjbustamante closed this as completed in #2246 Sep 19, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CVE(s) found #2247

CVE(s) found #2247

github-actions bot commented Aug 12, 2024

natalieparellano commented Aug 13, 2024

jjbustamante commented Sep 19, 2024

CVE(s) found #2247

CVE(s) found #2247

Comments

github-actions bot commented Aug 12, 2024

natalieparellano commented Aug 13, 2024

jjbustamante commented Sep 19, 2024