Skip to content
Image

chore(deps): update nginx docker tag to v1.25.3 #424

Sign in to view logs

chore(deps): update nginx docker tag to v1.25.3

chore(deps): update nginx docker tag to v1.25.3 #424

Triggered via pull request October 25, 2023 03:43
@renovaterenovate[bot]
opened #214
renovate/nginx-1.x
Status Success
Total duration 4m 0s
Artifacts
This run and associated checks have been archived and are scheduled for deletion. Learn more about checks retention

image.yml

on: pull_request
Build
3m 48s
Build
Scan
24s
Scan
Fit to window
Zoom out
Zoom in

Annotations

8 errors and 12 warnings
Scan
CVE-2023-38039 - HIGH severity - out of heap memory issue due to missing limit on header quantity vulnerability in curl
Scan
CVE-2023-38545 - HIGH severity - heap based buffer overflow in the SOCKS5 proxy handshake vulnerability in curl
Scan
CVE-2023-38039 - HIGH severity - out of heap memory issue due to missing limit on header quantity vulnerability in libcurl
Scan
CVE-2023-38545 - HIGH severity - heap based buffer overflow in the SOCKS5 proxy handshake vulnerability in libcurl
Scan
CVE-2023-4863 - HIGH severity - Heap buffer overflow in WebP Codec vulnerability in libwebp
Scan
CVE-2023-3138 - HIGH severity - InitExt.c can overwrite unintended portions of the Display structure if the extension request leads to a buffer overflow vulnerability in libx11
Scan
CVE-2023-35945 - HIGH severity - HTTP/2 memory leak in nghttp2 codec vulnerability in nghttp2-libs
Scan
CVE-2023-44487 - HIGH severity - Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) vulnerability in nghttp2-libs
Scan
The `set-output` command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
Scan
CVE-2023-38546 - MEDIUM severity - cookie injection with none file vulnerability in curl
Scan
CVE-2023-2975 - MEDIUM severity - AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries vulnerability in libcrypto3
Scan
CVE-2023-3446 - MEDIUM severity - Excessive time spent checking DH keys and parameters vulnerability in libcrypto3
Scan
CVE-2023-3817 - MEDIUM severity - Excessive time spent checking DH q parameter value vulnerability in libcrypto3
Scan
CVE-2023-5363 - MEDIUM severity - [Incorrect cipher key & IV length processing] vulnerability in libcrypto3
Scan
CVE-2023-38546 - MEDIUM severity - cookie injection with none file vulnerability in libcurl
Scan
CVE-2023-2975 - MEDIUM severity - AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries vulnerability in libssl3
Scan
CVE-2023-3446 - MEDIUM severity - Excessive time spent checking DH keys and parameters vulnerability in libssl3
Scan
CVE-2023-3817 - MEDIUM severity - Excessive time spent checking DH q parameter value vulnerability in libssl3
Scan
CVE-2023-5363 - MEDIUM severity - [Incorrect cipher key & IV length processing] vulnerability in libssl3
Build
The `set-output` command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/