gitea-mirror/trivy
1
0
Fork 0
mirror of https://github.com/aquasecurity/trivy.git synced 2025-12-12 15:50:15 -08:00
Code Issues Packages Projects Releases Wiki Activity

fix: CVE-2025-21613 and CVE-2025-21614 : go-git: argument injection via the URL field (#8207)

Browse Source
This commit is contained in:
jdesouza
2025-01-08 03:27:07 -03:00
committed by GitHub
parent bbc5a85444
commit 670fbf2d81
2 changed files with 19 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
go.mod
View File

@@ -45,7 +45,7 @@ require (
github.com/docker/docker v27.4.1+incompatible
github.com/docker/go-connections v0.5.0
github.com/fatih/color v1.18.0
github.com/go-git/go-git/v5 v5.12.0
github.com/go-git/go-git/v5 v5.13.1
github.com/go-openapi/runtime v0.28.0 // indirect
github.com/go-openapi/strfmt v0.23.0 // indirect
github.com/go-redis/redis/v8 v8.11.5
@@ -165,7 +165,7 @@ require (
github.com/Microsoft/go-winio v0.6.2 // indirect
github.com/Microsoft/hcsshim v0.12.9 // indirect
github.com/OneOfOne/xxhash v1.2.8 // indirect
github.com/ProtonMail/go-crypto v1.1.2 // indirect
github.com/ProtonMail/go-crypto v1.1.3 // indirect
github.com/VividCortex/ewma v1.2.0 // indirect
github.com/agext/levenshtein v1.2.3 // indirect
github.com/agnivade/levenshtein v1.2.0 // indirect
@@ -206,7 +206,7 @@ require (
github.com/cpuguy83/dockercfg v0.3.2 // indirect
github.com/cpuguy83/go-md2man/v2 v2.0.5 // indirect
github.com/cyberphone/json-canonicalization v0.0.0-20231011164504-785e29786b46 // indirect
github.com/cyphar/filepath-securejoin v0.3.4 // indirect
github.com/cyphar/filepath-securejoin v0.3.6 // indirect
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
github.com/digitorus/pkcs7 v0.0.0-20230818184609-3a137a874352 // indirect
@@ -229,7 +229,7 @@ require (
github.com/go-chi/chi v4.1.2+incompatible // indirect
github.com/go-errors/errors v1.4.2 // indirect
github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
github.com/go-git/go-billy/v5 v5.6.0 // indirect
github.com/go-git/go-billy/v5 v5.6.1 // indirect
github.com/go-gorp/gorp/v3 v3.1.0 // indirect
github.com/go-ini/ini v1.67.0 // indirect
github.com/go-jose/go-jose/v4 v4.0.4 // indirect
@@ -351,7 +351,7 @@ require (
github.com/sigstore/cosign/v2 v2.2.4 // indirect
github.com/sigstore/sigstore v1.8.10 // indirect
github.com/sigstore/timestamp-authority v1.2.2 // indirect
github.com/skeema/knownhosts v1.2.2 // indirect
github.com/skeema/knownhosts v1.3.0 // indirect
github.com/sourcegraph/conc v0.3.0 // indirect
github.com/spf13/afero v1.11.0 // indirect
github.com/stretchr/objx v0.5.2 // indirect