cbdq-io/docker-grype

GHSA-c3xm-pvg7-gh7r

Closed this issue · 1 comments

Vulnerability GHSA-c3xm-pvg7-gh7r was identified while working on #50.

NAME,INSTALLED,VULNERABILITY,SEVERITY
google.golang.org/protobuf,v1.24.0,CVE-2015-5237,High
github.com/docker/docker,v17.12.0-ce-rc1.0.20200309214505-aa6a9891b09c+incompatible,CVE-2017-7297,High
github.com/docker/docker,v17.12.0-ce-rc1.0.20200309214505-aa6a9891b09c+incompatible,CVE-2019-13139,High
github.com/docker/docker,v17.12.0-ce-rc1.0.20200309214505-aa6a9891b09c+incompatible,CVE-2019-13509,High
github.com/docker/docker,v17.12.0-ce-rc1.0.20200309214505-aa6a9891b09c+incompatible,CVE-2019-16884,High
github.com/docker/docker,v17.12.0-ce-rc1.0.20200309214505-aa6a9891b09c+incompatible,CVE-2019-5736,High
github.com/ulikunitz/xz,v0.5.7,GHSA-25xm-hr59-7c27,High
github.com/opencontainers/runc,v0.1.1,GHSA-c3xm-pvg7-gh7r,High

This error is specifically for runc. When we run the command /usr/bin/runc --version we get the following output:

runc version 1.0.2
commit: v1.0.2-0-g52b36a2
spec: 1.0.2-dev
go: go1.16.10
libseccomp: 2.5.1

This seems to be a version higher than runc 1.0-rc95, which is claimed to be the fixed version. So we either have a mistaken fix or a false positive. Only time will tell.
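The comparison the issue is making is easy to get wrong by hand, because the advisory's fixed version (1.0-rc95) is a pre-release and sorts below the 1.0.0 release, and because the CSV lists the module at v0.1.1 while the binary on the image reports 1.0.2. The following triage helper is an added example, not code from docker-grype or grype: it reads the grype CSV rows quoted above, compares each INSTALLED version against a fixed version with pre-release-aware ordering, and, where a runtime version is also supplied, flags rows in which the declared module version is below the fix but the running binary is not. The runc fixed version and the 1.0.2 runtime version are taken from the issue; the xz entry has no fixed version on the page, so it is deliberately left unknown; the helper's name, verdict labels and the `FIXED_VERSIONS` mapping are assumptions made for this example.

```python
"""Triage grype CSV findings against advisory fixed versions.

Added example for this issue; not part of docker-grype or grype.
"""
import csv
import io
import re
from typing import Dict, List, Optional, Tuple

# Constructed from the grype CSV quoted in the issue (two of its rows).
GRYPE_CSV = """NAME,INSTALLED,VULNERABILITY,SEVERITY
github.com/opencontainers/runc,v0.1.1,GHSA-c3xm-pvg7-gh7r,High
github.com/ulikunitz/xz,v0.5.7,GHSA-25xm-hr59-7c27,High
"""

# Assumed mapping for the example. The runc value is the fixed version the
# issue quotes; no fixed version for the xz advisory appears on the page.
FIXED_VERSIONS: Dict[str, str] = {"GHSA-c3xm-pvg7-gh7r": "1.0-rc95"}

VersionKey = Tuple[Tuple[int, int, int], int, int]


def version_key(version: str) -> VersionKey:
    """Build a sortable key: (major, minor, patch), release flag, rc number.

    A release (flag 1) always sorts above any pre-release of the same
    numbers (flag 0), so '1.0-rc95' < '1.0.0' < '1.0.2'. A leading 'v' and
    any '+build' metadata are ignored; '-dev' counts as a pre-release.
    """
    s = version[1:] if version.startswith("v") else version
    s = s.split("+", 1)[0]
    core, _, pre = s.partition("-")
    nums = [int(x) for x in core.split(".")]
    nums += [0] * (3 - len(nums))
    major, minor, patch = nums[:3]
    if not pre:
        return ((major, minor, patch), 1, 0)
    rc = re.search(r"rc(\d+)", pre)
    return ((major, minor, patch), 0, int(rc.group(1)) if rc else 0)


def is_fixed(installed: str, fixed: str) -> bool:
    """True when the installed version is at or above the fixed version."""
    return version_key(installed) >= version_key(fixed)


def triage(csv_text: str,
           fixed_versions: Dict[str, str],
           runtime_versions: Optional[Dict[str, str]] = None) -> List[dict]:
    """Return one verdict per CSV row.

    verdicts:
      fixed                   declared version already at/above the fix
      vulnerable              declared version below the fix, no contrary evidence
      possible-false-positive declared version below the fix, but the version the
                              running binary reports is at/above it (needs a human)
      unknown-fix             no fixed version known for this advisory
    """
    runtime_versions = runtime_versions or {}
    results = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        name, installed, vuln = row["NAME"], row["INSTALLED"], row["VULNERABILITY"]
        fixed = fixed_versions.get(vuln)
        runtime = runtime_versions.get(name)
        if fixed is None:
            verdict = "unknown-fix"
        elif is_fixed(installed, fixed):
            verdict = "fixed"
        elif runtime is not None and is_fixed(runtime, fixed):
            verdict = "possible-false-positive"
        else:
            verdict = "vulnerable"
        results.append({"name": name, "vulnerability": vuln, "installed": installed,
                        "runtime": runtime, "fixed": fixed, "verdict": verdict})
    return results


if __name__ == "__main__":
    # Runtime version as printed by `/usr/bin/runc --version` in the issue.
    runtime = {"github.com/opencontainers/runc": "1.0.2"}
    for r in triage(GRYPE_CSV, FIXED_VERSIONS, runtime):
        print(f"{r['vulnerability']:<24} {r['name']:<36} installed={r['installed']:<8} "
              f"runtime={r['runtime'] or '-':<6} fixed={r['fixed'] or '-':<9} -> {r['verdict']}")
```

The helper does not decide which of the two versions is the one that matters; a scanner that matched on a module version recorded in a binary and a separately installed binary can legitimately disagree, and "possible-false-positive" is only a prompt to check the advisory's affected range by hand rather than to dismiss the finding.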