butterfly1924 opened a new issue, #2571:
URL: https://github.com/apache/apisix-dashboard/issues/2571
### Issue description
Vulnerability found in apisix dashboard
### Expected behavior
Vulnerability found in apisix dashboard
### How to Reproduce
Vulnerability found in apisix dashboard
### Screenshots
_No response_
### Environment
- apisix version (cmd: `apisix version`):
- OS (cmd: `uname -a`):
- OpenResty / Nginx version (cmd: `nginx -V` or `openresty -V`):
- etcd version, if have (cmd: run `etcd --version`):
- apisix-dashboard version, if have:
- Browser version, if have:
### Additional context
```
Testing /workspace/apisix-dashboard/api...
✗ High severity vulnerability found in gopkg.in/yaml.v3
Description: Denial of Service (DoS)
Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOPKGINYAMLV3-2841557
Introduced through: github.com/stretchr/testify/[email protected],
github.com/shiningrush/droplet@#53817015cd1b,
github.com/shiningrush/droplet/middleware@#53817015cd1b,
github.com/shiningrush/droplet/wrapper@#53817015cd1b,
github.com/shiningrush/droplet/wrapper/[email protected]
From: github.com/stretchr/testify/[email protected] >
github.com/stretchr/testify/[email protected] > gopkg.in/yaml.v3@#496545a6307b
From: github.com/shiningrush/droplet@#53817015cd1b >
github.com/stretchr/testify/[email protected] >
github.com/stretchr/testify/[email protected] > gopkg.in/yaml.v3@#496545a6307b
From: github.com/shiningrush/droplet/middleware@#53817015cd1b >
github.com/shiningrush/droplet@#53817015cd1b >
github.com/stretchr/testify/[email protected] >
github.com/stretchr/testify/[email protected] > gopkg.in/yaml.v3@#496545a6307b
and 2 more...
Fixed in: 3.0.0
✗ High severity vulnerability found in github.com/tidwall/gjson
Description: Regular Expression Denial of Service (ReDoS)
Info:
https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMTIDWALLGJSON-1766963
Introduced through: github.com/tidwall/[email protected]
From: github.com/tidwall/[email protected]
Fixed in: 1.9.3
✗ High severity vulnerability found in github.com/satori/go.uuid
Description: Insecure Randomness
Info: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSATORIGOUUID-72488
Introduced through: github.com/satori/[email protected]
From: github.com/satori/[email protected]
✗ High severity vulnerability found in github.com/gin-gonic/gin
Description: HTTP Response Splitting
Info:
https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGINGONICGIN-1041736
Introduced through: github.com/gin-gonic/[email protected],
github.com/gin-contrib/[email protected], github.com/gin-contrib/static@#d45d9a37d28e,
github.com/shiningrush/droplet/wrapper/[email protected]
From: github.com/gin-gonic/[email protected]
From: github.com/gin-contrib/[email protected] > github.com/gin-gonic/[email protected]
From: github.com/gin-contrib/static@#d45d9a37d28e >
github.com/gin-gonic/[email protected]
and 1 more...
Fixed in: 1.7.7
Organization: butterfly1924
Package manager: gomodules
Target file: go.mod
Project name: github.com/apisix/manager-api
Open source: no
Project path: /workspace/apisix-dashboard/api
Licenses: enabled
Tested 198 dependencies for known issues, found 4 issues, 11 vulnerable
paths.
Tip: Detected multiple supported manifests (1), use --all-projects to scan
all of them at once.
```
--
This is an automated message from the Apache Git Service.