Vulnerability issue in library in the efs proxy. #263
Comments
|
Hello @SjeYinTeoIntel, Thank you for pointing this out. We tried contacting the package owner for |
|
Thanks @thakurmi , will you inform here once the internal package is created ? So I can noticed the updated package. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
How to update the regex version as it is come with the package?
The library regex version 0.2.11 was detected in Cargo library manager located at /home/ubuntu/efs-utils/src/proxy/Cargo.lock and is vulnerable to CVE-2022-24713, which exists in versions < 1.5.5.
The vulnerability was found in the Github Security Advisory with vendor severity: High (NVD severity: High).
The vulnerability can be remediated by updating the library to version 1.5.5 or higher.
From the cargo tree showing as below.
[build-dependencies]
└── xdrgen v0.4.4
├── bitflags v0.9.1
├── clap v2.34.0
│ ├── ansi_term v0.12.1
│ ├── atty v0.2.14 (*)
│ ├── bitflags v1.3.2
│ ├── strsim v0.8.0
│ ├── textwrap v0.11.0
│ │ └── unicode-width v0.1.14
│ ├── unicode-width v0.1.14
│ └── vec_map v0.8.2
├── env_logger v0.4.3
│ ├── log v0.3.9
│ │ └── log v0.4.25
│ └── regex v0.2.11
│ ├── aho-corasick v0.6.10
│ │ └── memchr v2.7.4
│ ├── memchr v2.7.4
│ ├── regex-syntax v0.5.6
│ │ └── ucd-util v0.1.10
│ ├── thread_local v0.3.6
│ │ └── lazy_static v1.5.0
│ └── utf8-ranges v1.0.5
The text was updated successfully, but these errors were encountered: