Due Date: ****
A medium severity vulnerability has been discovered in your project.
Project Name: acunetixapi
Scanner Name: trivy
Cwe ID: 1035
Cwe Name: Using Components with Known Vulnerabilities
Cwe Link: https://cwe.mitre.org/data/definitions/1035.html
CVE ID: CVE-2024-24783
Target: usr/local/bin/gosu
Packages:
- : 1.18.2 - Fixed Version: 1.21.8, 1.22.1
References:
Tool Description: Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not verify client certificates.
Custom Description: test after refactoring
Kondukto Link: http://localhost/projects/66c335db7de81b375832111f/vulns/appsec?page=1&perPage=15&id=in:66c5a4c19cdb9b6596274186
Deeplink: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24783