CVEs in CLI #76

jayvdb · 2024-02-25T23:55:23Z

Using https://github.com/google/osv-scanner

ulid-rs> osv-scanner --lockfile Cargo.lock 
Scanned /home/jayvdb/rust/ulid-rs/Cargo.lock file and found 83 packages
╭─────────────────────────────────────┬──────┬───────────┬───────────┬─────────┬────────────╮
│ OSV URL                             │ CVSS │ ECOSYSTEM │ PACKAGE   │ VERSION │ SOURCE     │
├─────────────────────────────────────┼──────┼───────────┼───────────┼─────────┼────────────┤
│ https://osv.dev/RUSTSEC-2021-0139   │      │ crates.io │ ansi_term │ 0.12.1  │ Cargo.lock │
│ https://osv.dev/GHSA-g98v-hv3f-hcfr │      │ crates.io │ atty      │ 0.2.14  │ Cargo.lock │
│ https://osv.dev/RUSTSEC-2021-0145   │      │           │           │         │            │
╰─────────────────────────────────────┴──────┴───────────┴───────────┴─────────┴────────────╯

https://osv.dev/RUSTSEC-2021-0145 is a different identifier for https://osv.dev/GHSA-g98v-hv3f-hcfr

The text was updated successfully, but these errors were encountered:

jayvdb · 2024-02-26T00:00:02Z

The ansi_term and atty CVEs are coming in via the CLI structopt = "0.2". Upgrading to 0.3 has no effect as it still only uses clap 2 where these CVEs come from. c.f. https://crates.io/crates/structopt

jayvdb changed the title ~~CVEs~~ CVEs in CLI Feb 26, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CVEs in CLI #76

CVEs in CLI #76

jayvdb commented Feb 25, 2024 •

edited

Loading

jayvdb commented Feb 26, 2024

CVEs in CLI #76

CVEs in CLI #76

Comments

jayvdb commented Feb 25, 2024 • edited Loading

jayvdb commented Feb 26, 2024

jayvdb commented Feb 25, 2024 •

edited

Loading