When I do a `gem install fluent-plugin-detect-exceptions`, the generated file `gems/fluent-plugin-detect-exceptions-0.0.13/Gemfile.lock` has

```
...
rake (10.5.0)
rubocop (0.42.0)
...
```
trivy scan report gives this:

```
Total: 2 (UNKNOWN: 0, LOW: 1, MEDIUM: 0, HIGH: 1, CRITICAL: 0)
```

| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |
|---------|------------------|----------|-------------------|---------------|-------|
| rake | CVE-2020-8130 | HIGH | 10.5.0 | 12.3.3 | rake: OS Command Injection via egrep in Rake::FileList (avd.aquasec.com/nvd/cve-2020-8130) |
| rubocop | CVE-2017-8418 | LOW | 0.42.0 | 0.49.0 | RuboCop: insecure use of /tmp (avd.aquasec.com/nvd/cve-2017-8418) |
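The check a maintainer would want to run before and after bumping the pins is whether the versions recorded in `Gemfile.lock` are still below the fixed versions trivy reports. The following Ruby script is an added example, not code from the issue author or from the fluent-plugin-detect-exceptions project: it parses the `specs:` block of a lockfile and compares each pin with `Gem::Version`. The fixed versions for the two advisories are taken from the trivy output above; the sample lockfile, the `SAMPLE_LOCK` constant and the helper names are constructed for this example.

```ruby
# Added example (not from the issue or the project): flag Gemfile.lock pins
# that are below the fixed versions trivy reported for CVE-2020-8130 and
# CVE-2017-8418.
require "rubygems"

# Fixed versions exactly as listed in the trivy table in the issue.
FIXED_VERSIONS = {
  "rake"    => { cve: "CVE-2020-8130", fixed: "12.3.3" },
  "rubocop" => { cve: "CVE-2017-8418", fixed: "0.49.0" },
}.freeze

# Constructed sample lockfile mirroring the two pins quoted in the issue
# (the parser dependency line is made up to show that nested constraint
# lines are skipped).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rake (10.5.0)
      rubocop (0.42.0)
        parser (>= 2.3.1.1, < 3.0)
      parser (2.3.3.1)

  PLATFORMS
    ruby

  DEPENDENCIES
    rake
    rubocop
LOCK

# Returns {name => version_string} for every pinned spec under "specs:".
# Pins are indented exactly four spaces; six-space lines are a spec's own
# dependency constraints, not installed versions, so they are ignored.
def parse_lock_specs(lock_text)
  specs = {}
  in_specs = false
  lock_text.each_line do |line|
    if line =~ /\A  specs:\s*\z/
      in_specs = true
      next
    end
    in_specs = false if line =~ /\A\S/ # a new top-level section (PLATFORMS, ...)
    next unless in_specs
    if (m = line.match(/\A    ([^\s(]+) \(([^)]+)\)\s*\z/))
      specs[m[1]] = m[2]
    end
  end
  specs
end

# Compares each pinned gem against its fixed version using RubyGems'
# own version ordering; returns findings sorted by gem name.
def vulnerable_pins(specs, fixed = FIXED_VERSIONS)
  findings = []
  fixed.each do |name, adv|
    next unless specs.key?(name)
    installed = Gem::Version.new(specs[name])
    if installed < Gem::Version.new(adv[:fixed])
      findings << { gem: name, cve: adv[:cve],
                    installed: specs[name], fixed: adv[:fixed] }
    end
  end
  findings.sort_by { |f| f[:gem] }
end

if $PROGRAM_NAME == __FILE__
  # Pass a real Gemfile.lock path as ARGV[0]; otherwise the sample is used.
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCK
  vulnerable_pins(parse_lock_specs(text)).each do |f|
    puts "#{f[:gem]} #{f[:installed]} < #{f[:fixed]} (#{f[:cve]})"
  end
end
```

Running it against the installed gem's lockfile reproduces trivy's two findings; once the pins are raised to at least 12.3.3 and 0.49.0 the output is empty. Comparing with `Gem::Version` rather than string comparison matters because "10.5.0" sorts after "12.3.3" lexically.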