Ruby files have known CVEs #14372
Assignees
Labels
Comments
simonsteiner1984
added
the
Status: Untriaged
tpowell-progress
added
Triage: Confirmed
|
@simonsteiner1984 I believe these may be part of the Ruby install itself, and not directly included in Chef or related/dependent projects. Looking at an upgrade to Ruby 3.1.4 for an upcoming release for other CVEs and these should also be included in that upgrade if the 3.1.4 install I have is any indication. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Install chef-18.4.12-1.el9.x86_64.rpm
view file /opt/chef/embedded/lib/ruby/gems/3.1.0/gems/rbs-2.1.0/steep/Gemfile.lock
Active Support version is listed as vulnerable to CVE-2023-22796
view file /opt/chef/embedded/lib/ruby/gems/3.1.0/gems/typeprof-0.21.2/vscode/package-lock.json
semver version is listed as vulnerable to CVE-2022-25883
view file /opt/chef/embedded/lib/ruby/gems/3.1.0/gems/typeprof-0.21.2/vscode/package-lock.json
minimatch version is listed as vulnerable to CVE-2022-3517
can you upgrade these libraries?
The text was updated successfully, but these errors were encountered: