-
Notifications
You must be signed in to change notification settings - Fork 465
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
GHSA-mvff-h3cj-wj9c - Vulnerability reported for github.com/containerd/containerd #1537
Comments
They don't have specific timelines as to when they would address this issue. |
naveensrinivasan
added a commit
that referenced
this issue
Jan 28, 2022
Fixes the containerd vulns. #1537
2 tasks
naveensrinivasan
added a commit
that referenced
this issue
Jan 28, 2022
Fixes the containerd vulns. #1537 Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
justaugustus
added a commit
that referenced
this issue
Feb 23, 2022
Fixes the containerd vulns. #1537 Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com> Co-authored-by: Stephen Augustus <foo@auggie.dev>
justaugustus
added a commit
that referenced
this issue
Feb 23, 2022
Fixes the containerd vulns. #1537 Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com> Co-authored-by: Stephen Augustus <foo@auggie.dev>
Closed via #1560. |
Still not closed, because the go.sum refers to version that has the vulnerability |
Merged
2 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The dependabot has reported a
High Severity
vulnerabilitygithub.com/containerd/containerd
scorecard/tools/go.sum
Line 471 in d50788f
We don't use this directly. This is part of
tools
https://github.com/ossf/scorecard/tree/main/tools module.I have tried this replace in the
tools
go.mod
which fails whenmake install
replace github.com/containerd/containerd => github.com/containerd/containerd v1.5.9
This is because our dependencies have this issue https://deps.dev/go/github.com%2Fgoogle%2Fgo-containerregistry
The text was updated successfully, but these errors were encountered: