fix: Bump for 2.0.1 release (#285) #438

GitHub Actions / node-red:3.1.x-main-linux-amd64 scan results succeeded Jan 23, 2024 in 0s

3 fail in 0s

3 tests  ±0   0 ✅ ±0   0s ⏱️ ±0s
2 suites ±0   0 💤 ±0 
1 files   ±0   3 ❌ ±0 

Results for commit 6c02d85. ± Comparison against earlier commit cfd25ce.

Annotations

Check warning on line 0 in libcrypto3-3.1.4-r3

@github-actions github-actions / node-red:3.1.x-main-linux-amd64 scan results

[MEDIUM] CVE-2023-6237 (libcrypto3-3.1.4-r3) failed

trivy-junit-results.xml
Raw output
openssl: Excessive time spent checking invalid RSA public keys
A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.

Check warning on line 0 in libssl3-3.1.4-r3

@github-actions github-actions / node-red:3.1.x-main-linux-amd64 scan results

[MEDIUM] CVE-2023-6237 (libssl3-3.1.4-r3) failed

trivy-junit-results.xml
Raw output
openssl: Excessive time spent checking invalid RSA public keys
A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.

Check warning on line 0 in openssl-3.1.4-r3

@github-actions github-actions / node-red:3.1.x-main-linux-amd64 scan results

[MEDIUM] CVE-2023-6237 (openssl-3.1.4-r3) failed

trivy-junit-results.xml
Raw output
openssl: Excessive time spent checking invalid RSA public keys
A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.

Check notice on line 0 in .github

@github-actions github-actions / node-red:3.1.x-main-linux-amd64 scan results

3 tests found

There are 3 tests, see "Raw output" for the full list of tests.
Raw output
libcrypto3-3.1.4-r3 ‑ [MEDIUM] CVE-2023-6237
libssl3-3.1.4-r3 ‑ [MEDIUM] CVE-2023-6237
openssl-3.1.4-r3 ‑ [MEDIUM] CVE-2023-6237