2022-05-11 22:47:31 +00:00
|
|
|
# If you need to ignore any of nancy's warnings add them
|
2022-11-08 00:40:15 +00:00
|
|
|
|
2022-05-11 22:47:31 +00:00
|
|
|
# here with a reference to the package/version that
|
2022-11-08 00:40:15 +00:00
|
|
|
|
2022-05-11 22:47:31 +00:00
|
|
|
# triggers them and rational for ignoring it.
|
|
|
|
|
|
|
|
|
|
# pkg:golang/github.com/coreos/etcd@3.3.10
|
2022-11-08 00:40:15 +00:00
|
|
|
|
2022-05-11 22:47:31 +00:00
|
|
|
# etcd before versions 3.3.23 and 3.4.10 does not perform any password length validation
|
2022-11-08 00:40:15 +00:00
|
|
|
|
2022-05-11 22:47:31 +00:00
|
|
|
CVE-2020-15115
|
|
|
|
|
|
|
|
|
|
# pkg:golang/github.com/coreos/etcd@3.3.10
|
2022-11-08 00:40:15 +00:00
|
|
|
|
2022-05-11 22:47:31 +00:00
|
|
|
# In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records
|
2022-11-08 00:40:15 +00:00
|
|
|
|
2022-05-11 22:47:31 +00:00
|
|
|
CVE-2020-15136
|
|
|
|
|
|
|
|
|
|
# pkg:golang/github.com/coreos/etcd@3.3.10
|
2022-11-08 00:40:15 +00:00
|
|
|
|
2022-05-11 22:47:31 +00:00
|
|
|
# In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access
|
2022-11-08 00:40:15 +00:00
|
|
|
|
2022-05-11 22:47:31 +00:00
|
|
|
CVE-2020-15114
|
|
|
|
|
|
|
|
|
|
# pkg:golang/github.com/gorilla/websocket@1.4.0
|
2022-11-08 00:40:15 +00:00
|
|
|
|
2022-05-11 22:47:31 +00:00
|
|
|
# Integer Overflow or Wraparound
|
2022-11-08 00:40:15 +00:00
|
|
|
|
2022-05-11 22:47:31 +00:00
|
|
|
CWE-190
|
|
|
|
|
|
|
|
|
|
# jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrict...
|
2022-11-08 00:40:15 +00:00
|
|
|
|
2022-05-11 22:47:31 +00:00
|
|
|
CVE-2020-26160
|
2022-11-08 00:40:15 +00:00
|
|
|
|
|
|
|
|
# https://ossindex.sonatype.org/vulnerability/sonatype-2021-1485
|
|
|
|
|
|
|
|
|
|
sonatype-2021-1485
|
2023-01-04 06:21:08 +00:00
|
|
|
|
|
|
|
|
# CWE-770: Allocation of Resources Without Limits or Throttling
|
|
|
|
|
|
|
|
|
|
CVE-2022-41717
|
