View Issue Details

ID: 0020367
Project: phpList 3 application
Category: Security
View Status: public
Last Update: 19-12-21 12:03
Reporter: bulgin
Assigned To:
Priority: high
Severity: minor
Reproducibility: have not tried
Status: new
Resolution: open
Product Version: 3.5.5-RC1
Target Version: 3.6.0
Summary: 0020367: grype security scanner finds multiple issues in install
Description: View uploaded .txt file. When I submit here your system throws errors.
Tags: No tags attached.

Activities

bulgin

19-12-21 03:55

reporter  

mantis-report.txt (953 bytes)   
Version 3.6.6
CentOS 7
Grype security scanner:
https://github.com/anchore/grype
which *also* scans not just Docker images but directories, finds security issues with my latest install. Here are the results:
Run:
grype dir:/home/xxxxxxxx/public_html/xxxxxxxxxx.com/lists/

 ✔ Vulnerability DB        [no update available]
 ✔ Indexed /home/xxxxxxx/public_html/xxxxxxxxxx.com/lists/ 
 ✔ Cataloged packages      [21 packages]
 ✔ Scanned image           [4 vulnerabilities]
NAME      INSTALLED  FIXED-IN  VULNERABILITY        SEVERITY 
kramdown  1.17.0     2.3.1     GHSA-52p9-v744-mwjj  High      
kramdown  1.17.0     2.3.0     GHSA-mqm2-cgpr-p4m6  Critical  
kramdown  1.17.0               CVE-2020-14001       Critical  
kramdown  1.17.0               CVE-2021-28834       Critical  

These things are not reported in other directories on the server. However, they are possibly related to associated software and not necessarily phpList code. Dunno.



michiel

19-12-21 12:03

administrator   ~0064055

Interesting, thanks for that. I'll look into it.