Merge pull request #48 from pascaliske/renovate/actions-setup-node-3.x #97
pascaliskeAnnotations
10 errors, 12 warnings, and 2 notices
|
Scan
CVE-2022-32221 - CRITICAL severity - POST following PUT confusion vulnerability in curl
|
|
Scan
CVE-2023-23914 - CRITICAL severity - HSTS ignored on multiple requests vulnerability in curl
|
|
Scan
CVE-2022-42915 - HIGH severity - HTTP proxy double-free vulnerability in curl
|
|
Scan
CVE-2022-42916 - HIGH severity - HSTS bypass via IDN vulnerability in curl
|
|
Scan
CVE-2022-43551 - HIGH severity - HSTS bypass via IDN vulnerability in curl
|
|
Scan
CVE-2023-27533 - HIGH severity - TELNET option IAC injection vulnerability in curl
|
|
Scan
CVE-2023-27534 - HIGH severity - SFTP path ~ resolving discrepancy vulnerability in curl
|
|
Scan
CVE-2023-28319 - HIGH severity - use after free in SSH sha256 fingerprint check vulnerability in curl
|
|
Scan
CVE-2022-4450 - HIGH severity - double free after calling PEM_read_bio_ex vulnerability in libcrypto1.1
|
|
Scan
CVE-2023-0215 - HIGH severity - use-after-free following BIO_new_NDEF vulnerability in libcrypto1.1
|
|
Scan
CVE-2023-28322 - LOW severity - more POST-after-PUT confusion vulnerability in curl
|
|
Scan
CVE-2023-28322 - LOW severity - more POST-after-PUT confusion vulnerability in libcurl
|
|
Scan
The `set-output` command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
|
|
Scan
CVE-2022-43552 - MEDIUM severity - Use-after-free triggered by an HTTP proxy deny response vulnerability in curl
|
|
Scan
CVE-2023-23915 - MEDIUM severity - HSTS amnesia with --parallel vulnerability in curl
|
|
Scan
CVE-2023-23916 - MEDIUM severity - HTTP multi-header compression denial of service vulnerability in curl
|
|
Scan
CVE-2023-27535 - MEDIUM severity - FTP too eager connection reuse vulnerability in curl
|
|
Scan
CVE-2023-27536 - MEDIUM severity - GSS delegation too eager connection re-use vulnerability in curl
|
|
Scan
CVE-2023-27537 - MEDIUM severity - curl: HSTS double-free vulnerability in curl
|
|
Scan
CVE-2023-27538 - MEDIUM severity - SSH connection too eager reuse still vulnerability in curl
|
|
Scan
CVE-2023-28320 - MEDIUM severity - siglongjmp race condition may lead to crash vulnerability in curl
|
|
Scan
CVE-2023-28321 - MEDIUM severity - IDN wildcard match may lead to Improper Cerificate Validation vulnerability in curl
|
|
Scan
CVE-2022-4304 - MEDIUM severity - timing attack in RSA Decryption implementation vulnerability in libcrypto1.1
|
|
Build
The `set-output` command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
|