We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
While using the checkmarx\kics image, our trivy scans are detecting CVE-2022-29810 in the latest version of KICS (v1.5.10).
This CVE is related to hashicorp go-getter: The Hashicorp go-getter library before 1.5.11 does not redact an SSH key from a URL query parameter.
Submitting an issue for awareness and further investigation into KICS and potentially a patch.
The text was updated successfully, but these errors were encountered:
Hello, @darylmcnutt!
Thank you so much for also noticing this one and reporting it!
We are already working on that in PR #5292.
Sorry, something went wrong.
Successfully merging a pull request may close this issue.
While using the checkmarx\kics image, our trivy scans are detecting CVE-2022-29810 in the latest version of KICS (v1.5.10).
This CVE is related to hashicorp go-getter:
The Hashicorp go-getter library before 1.5.11 does not redact an SSH key from a URL query parameter.
Submitting an issue for awareness and further investigation into KICS and potentially a patch.
The text was updated successfully, but these errors were encountered: