update vulnerable dependency
gfrankliu opened this issue · 0 comments
gfrankliu commented
Trivy scanner reports os pulls vulnerable rake, probably due to https://github.com/rdp/os/blob/master/Gemfile.lock#L11
```
==================================================
Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0)
+---------+------------------+----------+-------------------+---------------+--------------------------------------+
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |
+---------+------------------+----------+-------------------+---------------+--------------------------------------+
| rake | CVE-2020-8130 | HIGH | 0.9.6 | 12.3.3 | rake: OS Command Injection |
| | | | | | via egrep in Rake::FileList |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-8130 |
+---------+------------------+----------+-------------------+---------------+--------------------------------------+
```
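As an added example (not code from the rdp/os project or the reporter), the check below reproduces the finding in the report: it parses the `specs:` block of a Gemfile.lock and flags a pinned rake older than the 12.3.3 fix for CVE-2020-8130. The advisory table and the sample lock file are constructed for the example; the `parse_lock` and `vulnerable_gems` names are hypothetical.

```ruby
# Added example (not from the rdp/os project or the reporter): flag a Gemfile.lock
# whose pinned rake predates the 12.3.3 fix Trivy reports for CVE-2020-8130.
require 'rubygems'

# Advisory table limited to the finding on this page.
ADVISORIES = {
  'rake' => { id: 'CVE-2020-8130', fixed: '12.3.3',
              title: 'OS Command Injection via egrep in Rake::FileList' }
}.freeze

# Parse the "specs:" block of a Gemfile.lock into { name => version }.
# Gems sit at a 4-space indent; their dependencies (6 spaces) are skipped.
def parse_lock(text)
  gems = {}
  in_specs = false
  text.each_line do |line|
    in_specs = true  if line =~ /^  specs:/
    in_specs = false if line =~ /^\S/   # next top-level section ends the block
    next unless in_specs
    m = line.match(/^    (\S+) \(([^)]+)\)/)
    gems[m[1]] = m[2] if m
  end
  gems
end

# Gems whose installed version is older than the advisory's fixed version.
def vulnerable_gems(gems)
  gems.each_with_object([]) do |(name, version), findings|
    adv = ADVISORIES[name]
    next unless adv && Gem::Version.new(version) < Gem::Version.new(adv[:fixed])
    findings << { library: name, installed: version }.merge(adv)
  end
end

# Constructed sample lock, modelled on the rake line the report points at.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rake (0.9.6)
      rspec-core (3.9.0)
        rspec-support (~> 3.9.0)
  PLATFORMS
LOCK

vulnerable_gems(parse_lock(SAMPLE_LOCK)).each do |f|
  puts "#{f[:library]} #{f[:installed]} < #{f[:fixed]}: #{f[:id]} #{f[:title]}"
end
```

Point it at the real lock file by replacing `SAMPLE_LOCK` with `File.read('Gemfile.lock')`; an empty result after bumping rake confirms the fix.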