Skip to content

CVE(s) found in v0.20.7 #1488

New issue
New issue
Open
Open
CVE(s) found in v0.20.7#1488
Labels
cvestatus/triagetype/bugSomething isn't working
@github-actions

Description

@github-actions
github-actions
bot
opened on Mar 24, 2025

Latest lifecycle release v0.20.7 triggered CVE(s) from Grype. For further details, see: https://github.com/buildpacks/lifecycle/actions/runs/14025896604 json: {
"id": "GHSA-mh63-6h87-95cp",
"severity": "High",
"description": "jwt-go allows excessive memory allocation during header parsing"
}

Metadata

Metadata

Assignees

No one assigned

    Labels

    cvestatus/triagetype/bugSomething isn't working

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions