Ruby files have known CVEs #14372
simonsteiner1984 added the Status: Untriaged label on May 10, 2024
tpowell-progress added the Triage: Confirmed and Chef 18.5 labels and removed the Status: Untriaged label on May 21, 2024
@simonsteiner1984 I believe these may be part of the Ruby install itself, and not directly included in Chef or related/dependent projects. Looking at an upgrade to Ruby 3.1.4 for an upcoming release for other CVEs and these should also be included in that upgrade if the 3.1.4 install I have is any indication.
Install chef-18.4.12-1.el9.x86_64.rpm
view file /opt/chef/embedded/lib/ruby/gems/3.1.0/gems/rbs-2.1.0/steep/Gemfile.lock
Active Support version is listed as vulnerable to CVE-2023-22796
view file /opt/chef/embedded/lib/ruby/gems/3.1.0/gems/typeprof-0.21.2/vscode/package-lock.json
semver version is listed as vulnerable to CVE-2022-25883
view file /opt/chef/embedded/lib/ruby/gems/3.1.0/gems/typeprof-0.21.2/vscode/package-lock.json
minimatch version is listed as vulnerable to CVE-2022-3517
Can you upgrade these libraries?
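A triage helper for the report above, as an added example that is not part of the original issue or of Chef's code: it lists the versions of the three named packages pinned in bundled `Gemfile.lock` and `package-lock.json` files, so they can be compared against the advisories. The function names are hypothetical, and the sample lockfiles and their versions are constructed placeholders.

```ruby
require "json"

WATCHED = %w[activesupport semver minimatch].freeze # package names from the issue

# Constructed sample inputs; the versions are placeholders, not real releases.
SAMPLE_GEMFILE_LOCK = <<~LOCK
  GEM
    specs:
      activesupport (0.0.1)
        minitest (>= 0.0.1)
LOCK
SAMPLE_PACKAGE_LOCK = JSON.generate({ "lockfileVersion" => 2, "packages" => {
  "" => { "name" => "sample" },
  "node_modules/semver" => { "version" => "0.0.2" },
  "node_modules/glob/node_modules/minimatch" => { "version" => "0.0.3" }
} })

# Gemfile.lock: resolved gems are the 4-space "name (version)" lines under
# "specs:"; 6-space lines are only dependency constraints and are skipped.
def gemfile_lock_pins(text)
  text.scan(/^ {4}(\S+) \(([^)]+)\)$/)
end

# package-lock.json lockfileVersion 1: entries nest under "dependencies".
def v1_pins(deps)
  (deps || {}).flat_map { |name, meta| [[name, meta["version"]]] + v1_pins(meta["dependencies"]) }
end

# lockfileVersion 2/3: "packages" is keyed by install path; "" is the root project.
def package_lock_pins(text)
  doc = JSON.parse(text)
  return v1_pins(doc["dependencies"]).uniq unless doc["packages"]
  doc["packages"].filter_map do |path, meta|
    [path.split("node_modules/").last, meta["version"]] if !path.empty? && meta["version"]
  end.uniq
end

# [lockfile, package, pinned version] rows for the watched packages.
def watched_pins(path, text)
  pins = File.basename(path) == "Gemfile.lock" ? gemfile_lock_pins(text) : package_lock_pins(text)
  pins.select { |name, _| WATCHED.include?(name) }.map { |name, ver| [path, name, ver] }
end

# Walk an install tree (for example the embedded gems directory) for bundled lockfiles.
def scan_tree(root)
  Dir.glob(File.join(root, "**", "{Gemfile.lock,package-lock.json}")).sort
     .flat_map { |path| watched_pins(path, File.read(path)) }
end

demo = watched_pins("Gemfile.lock", SAMPLE_GEMFILE_LOCK) + watched_pins("package-lock.json", SAMPLE_PACKAGE_LOCK)
(ARGV[0] ? scan_tree(ARGV[0]) : demo).each { |row| puts row.join("\t") }
```

Run it with a directory argument to scan an installed tree; with no argument it prints the rows for the constructed samples. A lockfile shipped inside a gem records what that gem's own development tooling resolved, so a hit here shows where the scanner finding comes from rather than what is loaded at runtime.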