[Bot] docs: Update Snyk report #15977

Merged
merged 1 commit into from
Oct 16, 2023
18 changes: 9 additions & 9 deletions docs/snyk/index.md
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ recent minor releases.
| [ui/yarn.lock](master/argocd-test.html) | 0 | 0 | 0 | 0 |
| [dex:v2.37.0](master/ghcr.io_dexidp_dex_v2.37.0.html) | 1 | 0 | 3 | 0 |
| [haproxy:2.6.14-alpine](master/haproxy_2.6.14-alpine.html) | 0 | 0 | 0 | 0 |
| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 0 | 3 | 17 |
| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 0 | 3 | 19 |
| [redis:7.0.11-alpine](master/redis_7.0.11-alpine.html) | 1 | 0 | 3 | 0 |
| [install.yaml](master/argocd-iac-install.html) | - | - | - | - |
| [namespace-install.yaml](master/argocd-iac-namespace-install.html) | - | - | - | - |
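Review bot: the changed `argocd:latest` row (Low 17 to 19) is keyed to a floating tag, so the counts cannot be tied to a specific image build, and a later delta may reflect a different image rather than new advisories. Recording the scanned image digest or the master commit next to this row would make the numbers reproducible.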
Expand All @@ -26,11 +26,11 @@ recent minor releases.

| | Critical | High | Medium | Low |
|---:|:--------:|:----:|:------:|:---:|
| [go.mod](v2.9.0-rc2/argocd-test.html) | 0 | 0 | 5 | 0 |
| [go.mod](v2.9.0-rc2/argocd-test.html) | 0 | 2 | 5 | 0 |
| [ui/yarn.lock](v2.9.0-rc2/argocd-test.html) | 0 | 0 | 0 | 0 |
| [dex:v2.37.0](v2.9.0-rc2/ghcr.io_dexidp_dex_v2.37.0.html) | 1 | 0 | 3 | 0 |
| [haproxy:2.6.14-alpine](v2.9.0-rc2/haproxy_2.6.14-alpine.html) | 0 | 0 | 0 | 0 |
| [argocd:v2.9.0-rc2](v2.9.0-rc2/quay.io_argoproj_argocd_v2.9.0-rc2.html) | 0 | 1 | 6 | 17 |
| [argocd:v2.9.0-rc2](v2.9.0-rc2/quay.io_argoproj_argocd_v2.9.0-rc2.html) | 0 | 2 | 6 | 20 |
| [redis:7.0.11-alpine](v2.9.0-rc2/redis_7.0.11-alpine.html) | 1 | 0 | 3 | 0 |
| [install.yaml](v2.9.0-rc2/argocd-iac-install.html) | - | - | - | - |
| [namespace-install.yaml](v2.9.0-rc2/argocd-iac-namespace-install.html) | - | - | - | - |
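Review bot: the `go.mod` row for v2.9.0-rc2 moves from 0 to 2 High and the `argocd:v2.9.0-rc2` image from 1 to 2 High, but nothing in the hunk identifies which advisories these are. Since this is a release candidate line, the PR description should name the new High findings (or link the per-target report sections) so maintainers can decide on a dependency bump before the release. Separately, `go.mod` and `ui/yarn.lock` both link to `v2.9.0-rc2/argocd-test.html`, so a reader cannot tell from the link which manifest a finding belongs to.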
Expand All @@ -39,11 +39,11 @@ recent minor releases.

| | Critical | High | Medium | Low |
|---:|:--------:|:----:|:------:|:---:|
| [go.mod](v2.8.4/argocd-test.html) | 0 | 0 | 5 | 0 |
| [go.mod](v2.8.4/argocd-test.html) | 0 | 2 | 5 | 0 |
| [ui/yarn.lock](v2.8.4/argocd-test.html) | 0 | 0 | 0 | 0 |
| [dex:v2.37.0](v2.8.4/ghcr.io_dexidp_dex_v2.37.0.html) | 1 | 0 | 3 | 0 |
| [haproxy:2.6.14-alpine](v2.8.4/haproxy_2.6.14-alpine.html) | 0 | 0 | 0 | 0 |
| [argocd:v2.8.4](v2.8.4/quay.io_argoproj_argocd_v2.8.4.html) | 0 | 1 | 6 | 17 |
| [argocd:v2.8.4](v2.8.4/quay.io_argoproj_argocd_v2.8.4.html) | 0 | 2 | 6 | 20 |
| [redis:7.0.11-alpine](v2.8.4/redis_7.0.11-alpine.html) | 1 | 0 | 3 | 0 |
| [install.yaml](v2.8.4/argocd-iac-install.html) | - | - | - | - |
| [namespace-install.yaml](v2.8.4/argocd-iac-namespace-install.html) | - | - | - | - |
Expand All @@ -52,11 +52,11 @@ recent minor releases.

| | Critical | High | Medium | Low |
|---:|:--------:|:----:|:------:|:---:|
| [go.mod](v2.7.14/argocd-test.html) | 0 | 1 | 5 | 0 |
| [go.mod](v2.7.14/argocd-test.html) | 0 | 3 | 5 | 0 |
| [ui/yarn.lock](v2.7.14/argocd-test.html) | 0 | 1 | 0 | 0 |
| [dex:v2.37.0](v2.7.14/ghcr.io_dexidp_dex_v2.37.0.html) | 1 | 0 | 3 | 0 |
| [haproxy:2.6.14-alpine](v2.7.14/haproxy_2.6.14-alpine.html) | 0 | 0 | 0 | 0 |
| [argocd:v2.7.14](v2.7.14/quay.io_argoproj_argocd_v2.7.14.html) | 0 | 1 | 6 | 17 |
| [argocd:v2.7.14](v2.7.14/quay.io_argoproj_argocd_v2.7.14.html) | 0 | 2 | 6 | 20 |
| [redis:7.0.11-alpine](v2.7.14/redis_7.0.11-alpine.html) | 1 | 0 | 3 | 0 |
| [install.yaml](v2.7.14/argocd-iac-install.html) | - | - | - | - |
| [namespace-install.yaml](v2.7.14/argocd-iac-namespace-install.html) | - | - | - | - |
Expand All @@ -65,11 +65,11 @@ recent minor releases.

| | Critical | High | Medium | Low |
|---:|:--------:|:----:|:------:|:---:|
| [go.mod](v2.6.15/argocd-test.html) | 0 | 1 | 5 | 0 |
| [go.mod](v2.6.15/argocd-test.html) | 0 | 3 | 5 | 0 |
| [ui/yarn.lock](v2.6.15/argocd-test.html) | 0 | 1 | 0 | 0 |
| [dex:v2.37.0](v2.6.15/ghcr.io_dexidp_dex_v2.37.0.html) | 1 | 0 | 3 | 0 |
| [haproxy:2.6.14-alpine](v2.6.15/haproxy_2.6.14-alpine.html) | 0 | 0 | 0 | 0 |
| [argocd:v2.6.15](v2.6.15/quay.io_argoproj_argocd_v2.6.15.html) | 0 | 1 | 6 | 17 |
| [argocd:v2.6.15](v2.6.15/quay.io_argoproj_argocd_v2.6.15.html) | 0 | 2 | 6 | 20 |
| [redis:7.0.11-alpine](v2.6.15/redis_7.0.11-alpine.html) | 1 | 0 | 3 | 0 |
| [install.yaml](v2.6.15/argocd-iac-install.html) | - | - | - | - |
| [namespace-install.yaml](v2.6.15/argocd-iac-namespace-install.html) | - | - | - | - |
2 changes: 1 addition & 1 deletion docs/snyk/master/argocd-iac-install.html
Original file line number Diff line number Diff line change
Expand Up @@ -456,7 +456,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>

<p class="timestamp">October 8th 2023, 12:18:32 am (UTC+00:00)</p>
<p class="timestamp">October 15th 2023, 12:17:18 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following path:</span>
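Review bot: the timestamp line is the only change in this file (1 addition, 1 deletion), so the report is rewritten on every run without any change in findings. Consider having the generator skip the commit for a report whose findings are unchanged, or keep the scan time in one place such as `docs/snyk/index.md`, so that diffs to these files always signal a real change in results.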
Expand Down
2 changes: 1 addition & 1 deletion docs/snyk/master/argocd-iac-namespace-install.html
Original file line number Diff line number Diff line change
Expand Up @@ -456,7 +456,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>

<p class="timestamp">October 8th 2023, 12:18:42 am (UTC+00:00)</p>
<p class="timestamp">October 15th 2023, 12:17:30 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following path:</span>
Expand Down
4 changes: 2 additions & 2 deletions docs/snyk/master/argocd-test.html
Original file line number Diff line number Diff line change
Expand Up @@ -456,7 +456,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>

<p class="timestamp">October 8th 2023, 12:16:00 am (UTC+00:00)</p>
<p class="timestamp">October 15th 2023, 12:14:41 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following paths:</span>
Expand All @@ -468,7 +468,7 @@ <h1 class="project__header__title">Snyk test report</h1>
<div class="meta-counts">
<div class="meta-count"><span>5</span> <span>known vulnerabilities</span></div>
<div class="meta-count"><span>18 vulnerable dependency paths</span></div>
<div class="meta-count"><span>1920</span> <span>dependencies</span></div>
<div class="meta-count"><span>1922</span> <span>dependencies</span></div>
</div><!-- .meta-counts -->
</div><!-- .layout-container--short -->
</header><!-- .project__header -->
Expand Down
172 changes: 168 additions & 4 deletions docs/snyk/master/ghcr.io_dexidp_dex_v2.37.0.html
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title>Snyk test report</title>
<meta name="description" content="25 known vulnerabilities found in 68 vulnerable dependency paths.">
<meta name="description" content="27 known vulnerabilities found in 72 vulnerable dependency paths.">
<base target="_blank">
<link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
sizes="194x194">
Expand Down Expand Up @@ -456,7 +456,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>

<p class="timestamp">October 8th 2023, 12:16:18 am (UTC+00:00)</p>
<p class="timestamp">October 15th 2023, 12:14:53 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following paths:</span>
Expand All @@ -466,8 +466,8 @@ <h1 class="project__header__title">Snyk test report</h1>
</div>

<div class="meta-counts">
<div class="meta-count"><span>25</span> <span>known vulnerabilities</span></div>
<div class="meta-count"><span>68 vulnerable dependency paths</span></div>
<div class="meta-count"><span>27</span> <span>known vulnerabilities</span></div>
<div class="meta-count"><span>72 vulnerable dependency paths</span></div>
<div class="meta-count"><span>786</span> <span>dependencies</span></div>
</div><!-- .meta-counts -->
</div><!-- .layout-container--short -->
Expand Down Expand Up @@ -583,6 +583,170 @@ <h2 id="references">References</h2>
<p><a href="https://snyk.io/vuln/SNYK-ALPINE318-BUSYBOX-5890990">More about this vulnerability</a></p>
</div>

</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">Denial of Service (DoS)</h2>
<div class="card__section">

<div class="label label--high">
<span class="label__text">high severity</span>
</div>

<hr/>

<ul class="card__meta">
<li class="card__meta__item">
Package Manager: golang
</li>
<li class="card__meta__item">
Vulnerable module:

google.golang.org/grpc
</li>

<li class="card__meta__item">Introduced through:

github.com/hairyhenderson/gomplate/v3@* and google.golang.org/[email protected]

</li>
</ul>

<hr/>


<h3 class="card__section__title">Detailed paths</h3>

<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/hairyhenderson/gomplate/v3@*
<span class="list-paths__item__arrow">›</span>
google.golang.org/[email protected]

</span>

</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/dexidp/dex@*
<span class="list-paths__item__arrow">›</span>
google.golang.org/[email protected]

</span>

</li>
</ul><!-- .list-paths -->

</div><!-- .card__section -->

<hr/>
<!-- Overview -->
<h2 id="overview">Overview</h2>
<p><a href="https://pkg.go.dev/google.golang.org/grpc">google.golang.org/grpc</a> is a Go implementation of gRPC</p>
<p>Affected versions of this package are vulnerable to Denial of Service (DoS) in the implementation of the HTTP/2 protocol. An attacker can cause a denial of service (including via DDoS) by rapidly resetting many streams through request cancellation.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>google.golang.org/grpc</code> to version 1.56.3, 1.57.1, 1.58.3 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/apache/tomcat/commit/76bb4bfbfeae827dce896f650655bbf6e251ed49">GitHub Commit</a></li>
<li><a href="https://github.com/apache/tomcat/commit/9cdfe25bad707f34b3e5da2994f3f1952a163c3e">GitHub Commit</a></li>
<li><a href="https://github.com/eclipse/jetty.project/commit/dbb94514dc9d3fb21fe92080f57c314e7e06a148">GitHub Commit</a></li>
<li><a href="https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61">GitHub Commit</a></li>
<li><a href="https://github.com/nghttp2/nghttp2/commit/72b4af6143681f528f1d237b21a9a7aee1738832">GitHub Commit</a></li>
<li><a href="https://snyk.io/blog/find-fix-http-2-rapid-reset-zero-day-vulnerability-cve-2023-44487/">Snyk Blog</a></li>
<li><a href="https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/">Vulnerability Discovery</a></li>
<li><a href="https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack">Vulnerability Explanation</a></li>
<li><a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog">CISA - Known Exploited Vulnerabilities</a></li>
</ul>

<hr/>

<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOOGLEGOLANGORGGRPC-5953328">More about this vulnerability</a></p>
</div>

</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">Denial of Service (DoS)</h2>
<div class="card__section">

<div class="label label--high">
<span class="label__text">high severity</span>
</div>

<hr/>

<ul class="card__meta">
<li class="card__meta__item">
Package Manager: golang
</li>
<li class="card__meta__item">
Vulnerable module:

golang.org/x/net/http2
</li>

<li class="card__meta__item">Introduced through:

github.com/hairyhenderson/gomplate/v3@* and golang.org/x/net/[email protected]

</li>
</ul>

<hr/>


<h3 class="card__section__title">Detailed paths</h3>

<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/hairyhenderson/gomplate/v3@*
<span class="list-paths__item__arrow">›</span>
golang.org/x/net/[email protected]

</span>

</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/dexidp/dex@*
<span class="list-paths__item__arrow">›</span>
golang.org/x/net/[email protected]

</span>

</li>
</ul><!-- .list-paths -->

</div><!-- .card__section -->

<hr/>
<!-- Overview -->
<h2 id="overview">Overview</h2>
<p><a href="https://pkg.go.dev/golang.org/x/[email protected]/http2#section-readme">golang.org/x/net/http2</a> is a work-in-progress HTTP/2 implementation for Go.</p>
<p>Affected versions of this package are vulnerable to Denial of Service (DoS) in the implementation of the HTTP/2 protocol. An attacker can cause a denial of service (including via DDoS) by rapidly resetting many streams through request cancellation.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>golang.org/x/net/http2</code> to version 0.17.0 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/apache/tomcat/commit/76bb4bfbfeae827dce896f650655bbf6e251ed49">GitHub Commit</a></li>
<li><a href="https://github.com/apache/tomcat/commit/9cdfe25bad707f34b3e5da2994f3f1952a163c3e">GitHub Commit</a></li>
<li><a href="https://github.com/eclipse/jetty.project/commit/dbb94514dc9d3fb21fe92080f57c314e7e06a148">GitHub Commit</a></li>
<li><a href="https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61">GitHub Commit</a></li>
<li><a href="https://github.com/nghttp2/nghttp2/commit/72b4af6143681f528f1d237b21a9a7aee1738832">GitHub Commit</a></li>
<li><a href="https://snyk.io/blog/find-fix-http-2-rapid-reset-zero-day-vulnerability-cve-2023-44487/">Snyk Blog</a></li>
<li><a href="https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/">Vulnerability Discovery</a></li>
<li><a href="https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack">Vulnerability Explanation</a></li>
<li><a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog">CISA - Known Exploited Vulnerabilities</a></li>
</ul>

<hr/>

<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-5953327">More about this vulnerability</a></p>
</div>

</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--medium" data-snyk-test="medium">
<h2 class="card__title">Improper Authentication</h2>
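Review bot: the two high-severity cards added here (`google.golang.org/grpc` and `golang.org/x/net/http2`) are not reflected in `docs/snyk/index.md`, where the master `dex:v2.37.0` row is left unchanged at `1 | 0 | 3 | 0`. Either the index counts exclude Go module findings inside the image, in which case index.md should say so, or the row needs regenerating. Both paths are introduced through `github.com/dexidp/dex@*` and `github.com/hairyhenderson/gomplate/v3@*`, so the listed remediation (grpc 1.56.3, 1.57.1, 1.58.3 or higher; x/net/http2 0.17.0 or higher) cannot be applied in this repository's `go.mod` and depends on moving to a dex image built with those versions. Also note that each added card reuses `id="overview"`, `id="remediation"` and `id="references"`, so in-page anchors to these sections are ambiguous.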
Expand Down
2 changes: 1 addition & 1 deletion docs/snyk/master/haproxy_2.6.14-alpine.html
Original file line number Diff line number Diff line change
Expand Up @@ -456,7 +456,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>

<p class="timestamp">October 8th 2023, 12:16:26 am (UTC+00:00)</p>
<p class="timestamp">October 15th 2023, 12:15:00 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following path:</span>
Expand Down