AMD64
Shell
Git
Raw log
Scroll to End of Log
0.13s0.10s0.00s0.10s
worker_info
1Worker information
2hostname: d307a9c9-47a0-41b9-b847-ecf4d3e6089b@1.worker-n2-com-779d777f7b-hxsb6.gce-production-1
3version: 6.2.22 https://github.com/travis-ci/worker/tree/858cb91994a513269f2fe9782c15fc113e966231
4instance: travis-job-7d4861c6-08df-41da-9bf8-312c156c4684 travis-ci-ubuntu-2204-1698932501-7a1a9a36 (via amqp)
5startup: 6.445648362s
60.46s0.00s0.01s0.00s0.01s
system_info
7Build system information
8Build language: shell
9Build dist: jammy
10Build id: 270361643
11Job id: 621439269
12Runtime kernel version: 6.2.0-1018-gcp
13travis-build version: 22cc7fd4
14Build image provisioning date and time
15Thu Nov 2 02:14:52 PM UTC 2023
16Operating System Details
17Distributor ID: Ubuntu
18Description: Ubuntu 22.04.3 LTS
19Release: 22.04
20Codename: jammy
21Systemd Version
22systemd 249 (249.11-0ubuntu3.11)
23Cookbooks Version
24f5d122e https://github.com/travis-ci/travis-cookbooks/tree/f5d122e
25git version
26git version 2.42.0
27bash version
28GNU bash, version 5.1.16(1)-release (x86_64-pc-linux-gnu)
29gcc version
30gcc (Ubuntu 11.4.0-1ubuntu1~22.04) 11.4.0
31docker version
32Client:
33 Version: 24.0.5
34 API version: 1.43
35 Go version: go1.20.3
36 Git commit: 24.0.5-0ubuntu1~22.04.1
37 Built: Mon Aug 21 19:50:14 2023
38 OS/Arch: linux/amd64
39 Context: default
41Server:
42 Engine:
43 Version: 24.0.5
44 API version: 1.43 (minimum version 1.12)
45 Go version: go1.20.3
46 Git commit: 24.0.5-0ubuntu1~22.04.1
47 Built: Mon Aug 21 19:50:14 2023
48 OS/Arch: linux/amd64
49 Experimental: false
50 containerd:
51 Version: 1.7.2
52 GitCommit:
53 runc:
54 Version: 1.1.7-0ubuntu1~22.04.1
55 GitCommit:
56 docker-init:
57 Version: 0.19.0
58 GitCommit:
59clang version
60clang version 16.0.0
61jq version
62jq-1.6
63bats version
64Bats 0.4.0
65shellcheck version
660.7.2
67shfmt version
68v3.2.1
69ccache version
704.5.1
71cmake version
72cmake version 3.26.3
73heroku version
74heroku/8.7.0 linux-x64 node-v16.19.0
75imagemagick version
76Version: ImageMagick 6.9.11-60 Q16 x86_64 2021-01-25 https://imagemagick.org
77md5deep version
784.4
79mercurial version
80version 5.3
81mysql version
82mysql Ver 8.0.35-0ubuntu0.22.04.1 for Linux on x86_64 ((Ubuntu))
83openssl version
84OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)
85packer version
861.7.5
87postgresql client version
88psql (PostgreSQL) 14.9 (Ubuntu 14.9-0ubuntu0.22.04.1)
89ragel version
90Ragel State Machine Compiler version 6.10 March 2017
91sudo version
921.9.9
93gzip version
94gzip 1.10
95zip version
96Zip 3.0
97vim version
98VIM - Vi IMproved 8.2 (2019 Dec 12, compiled Oct 16 2023 18:15:38)
99iptables version
100iptables v1.8.7 (nf_tables)
101curl version
102curl 7.81.0 (x86_64-pc-linux-gnu) libcurl/7.81.0 OpenSSL/3.0.2 zlib/1.2.11 brotli/1.0.9 zstd/1.4.8 libidn2/2.3.2 libpsl/0.21.0 (+libidn2/2.3.2) libssh/0.9.6/openssl/zlib nghttp2/1.43.0 librtmp/2.3 OpenLDAP/2.5.16
103wget version
104GNU Wget 1.21.2 built on linux-gnu.
105rsync version
106rsync version 3.2.7 protocol version 31
107gimme version
108v1.5.4
109nvm version
1100.39.5
111perlbrew version
112/home/travis/perl5/perlbrew/bin/perlbrew - App::perlbrew/0.95
113phpenv version
114rbenv 1.2.0
115rvm version
116rvm 1.29.12 (latest) by Michal Papis, Piotr Kuczynski, Wayne E. Seguin [https://rvm.io]
117default ruby version
118ruby 2.7.8p225 (2023-03-30 revision 1f4d455848) [x86_64-linux]
119default python version
120Python 3.10.12
121ElasticSearch version
1227.16.3
123Installed Firefox version
124firefox 63.0.1
125MongoDB version
126MongoDB 6.0.11
127Pre-installed Go versions
1281.18.3
129ant version
130Apache Ant(TM) version 1.10.12 compiled on January 17 1970
131mvn version
132Apache Maven 3.9.5 (57804ffe001d7215b5e7bcb531cf83df38f93546)
133gradle version
134Gradle 5.1.1!
135lein version
136Leiningen 2.10.0 on Java 11.0.21 OpenJDK 64-Bit Server VM
137Pre-installed Node.js versions
138v10.24.1
139v12.22.12
140v14.21.3
141v16.20.2
142v18.18.2
143v20.9.0
144v4.9.1
145v6.17.1
146v8.17.0
147v8.9
148phpenv versions
149 system
150 8.1
151* 8.1.2 (set by /home/travis/.phpenv/version)
152 hhvm-stable
153 hhvm
154composer --version
155Composer version 2.3.7 2022-06-06 16:43:28
156Pre-installed Ruby versions
157ruby-2.7.8
158ruby-3.0.4
159ruby-3.1.2
1610.03s0.01s0.96s0.29s0.06s0.00s0.04s0.00s0.01s0.02s0.02s0.01s0.01s0.00s0.33sOK
1620.00s0.07s0.00s0.02s0.13s0.00s0.00s0.00s0.01s0.00s0.10s0.00s1.03s0.00s0.07s6.04s0.00s3.77s0.00s2.39s
docker_mtu_and_registry_mirrors
resolvconf
git.checkout
1630.01s1.69s$ git clone --depth=10 --branch=enterprise-3.0 https://github.com/travis-ci/travis-yml.git travis-ci/travis-yml
164Cloning into 'travis-ci/travis-yml'...
165$ cd travis-ci/travis-yml
166$ git checkout -qf 5e64e0255b249470bf73b839fc2cbdc91cad6d84
1680.00s
169Setting environment variables from repository settings
170$ export QUAY_ROBOT_HANDLE=[secure]
171$ export QUAY_ROBOT_TOKEN=[secure]
173$ bash -c 'echo $BASH_VERSION'
1745.1.16(1)-release
176Skipping the before_install step, as specified in the configuration.
177Skipping the install step, as specified in the configuration.
178124.47s$ make ship
179docker build --pull --no-cache -t travisci/travis-yml:5e64e02 .
180DEPRECATED: The legacy builder is deprecated and will be removed in a future release.
181 Install the buildx component to build images with BuildKit:
182 https://docs.docker.com/go/buildx/
184Sending build context to Docker daemon 3.469MB
185Step 1/18 : FROM ruby:2.6.10-slim as base
1862.6.10-slim: Pulling from library/ruby
1871fe172e4850f: Pulling fs layer
188100f29d0fcb2: Pulling fs layer
189937a564b41a1: Pulling fs layer
19096ed6bd3a152: Pulling fs layer
19103e23c2ed14b: Pulling fs layer
19296ed6bd3a152: Waiting
19303e23c2ed14b: Waiting
194937a564b41a1: Download complete
195100f29d0fcb2: Verifying Checksum
196100f29d0fcb2: Download complete
19703e23c2ed14b: Verifying Checksum
19803e23c2ed14b: Download complete
1991fe172e4850f: Verifying Checksum
2001fe172e4850f: Download complete
20196ed6bd3a152: Verifying Checksum
20296ed6bd3a152: Download complete
2031fe172e4850f: Pull complete
204100f29d0fcb2: Pull complete
205937a564b41a1: Pull complete
20696ed6bd3a152: Pull complete
20703e23c2ed14b: Pull complete
208Digest: sha256:3d641979a7dc819b4c253dc62d2f74800817053247005f72b871d164498109df
209Status: Downloaded newer image for ruby:2.6.10-slim
210 ---> 6c7e929006b0
211Step 2/18 : RUN apt-get update > /dev/null 2>&1 && apt-get upgrade -y > /dev/null 2>&1 && rm -rf /var/lib/apt/lists/*
212 ---> Running in f2d1b5e40710
213Removing intermediate container f2d1b5e40710
214 ---> 9301090caea7
215Step 3/18 : WORKDIR /app
216 ---> Running in e2b7fbe47826
217Removing intermediate container e2b7fbe47826
218 ---> 5b3b0aefc506
219Step 4/18 : RUN gem update --system 3.4.13 > /dev/null 2>&1
220 ---> Running in 04a24d060ae3
221Removing intermediate container 04a24d060ae3
222 ---> 01b2ca6c72ca
223Step 5/18 : RUN echo "gem: --no-document" >> ~/.gemrc
224 ---> Running in 30b88b8364b6
225Removing intermediate container 30b88b8364b6
226 ---> 762b04224506
227Step 6/18 : RUN bundle config set --global no-cache 'true' && bundle config set --global frozen 'true' && bundle config set --global deployment 'true' && bundle config set --global without 'development test' && bundle config set --global clean 'true' && bundle config set --global jobs `expr $(cat /proc/cpuinfo | grep -c 'cpu cores')` && bundle config set --global retry 3
228 ---> Running in a7a9b0c014a6
229Removing intermediate container a7a9b0c014a6
230 ---> f3ad9f51aed7
231Step 7/18 : FROM base as builder
232 ---> f3ad9f51aed7
233Step 8/18 : RUN apt-get update > /dev/null 2>&1 && apt-get install -y --no-install-recommends git make gcc g++ > /dev/null 2>&1 && rm -rf /var/lib/apt/lists/*
234 ---> Running in cc05bfa878e0
235Removing intermediate container cc05bfa878e0
236 ---> 1ea56483bc2a
237Step 9/18 : COPY .ruby-version travis-yml.gemspec ./
238 ---> 1e742d75bb0c
239Step 10/18 : COPY ./lib/travis/yml/version.rb ./lib/travis/yml/version.rb
240 ---> 0d5fad887bf9
241Step 11/18 : COPY Gemfile Gemfile.lock ./
242 ---> 96fd452ed7c1
243Step 12/18 : RUN bundle install
244 ---> Running in 4698c35260fd
245Bundler 2.4.13 is running, but your lockfile was generated with 2.4.17. Installing Bundler 2.4.17 and restarting using that version.
246Fetching gem metadata from https://rubygems.org/.
247Fetching bundler 2.4.17
248Installing bundler 2.4.17
249Fetching https://github.com/travis-ci/travis-conditions
250Fetching gem metadata from https://rubygems.org/.........
251Fetching https://github.com/travis-ci/travis-conditions
252Fetching https://github.com/travis-ci/travis-metrics
253Fetching sexp_processor 4.14.1
254Fetching atomic 1.1.101
255Installing atomic 1.1.101 with native extensions
256Installing sexp_processor 4.14.1
257Fetching multipart-post 2.1.1
258Installing multipart-post 2.1.1
259Fetching hashr 2.0.1
260Installing hashr 2.0.1
261Fetching hitimes 1.3.1
262Installing hitimes 1.3.1 with native extensions
263Fetching memoyze 0.0.1
264Installing memoyze 0.0.1
265Fetching multi_json 1.15.0
266Installing multi_json 1.15.0
267Fetching ruby2_keywords 0.0.5
268Installing ruby2_keywords 0.0.5
269Fetching nio4r 2.5.8
270Installing nio4r 2.5.8 with native extensions
271Fetching oj 3.7.12
272Installing oj 3.7.12 with native extensions
273Fetching parslet 1.8.2
274Installing parslet 1.8.2
275Fetching rack 2.2.4
276Installing rack 2.2.4
277Fetching rack-ssl-enforcer 0.2.9
278Installing rack-ssl-enforcer 0.2.9
279Fetching redcarpet 3.5.1
280Installing redcarpet 3.5.1 with native extensions
281Fetching regstry 1.0.15
282Installing regstry 1.0.15
283Fetching ruby-obj 1.0.0
284Installing ruby-obj 1.0.0
285Fetching sh_vars 1.0.2
286Installing sh_vars 1.0.2
287Fetching tilt 2.0.11
288Installing tilt 2.0.11
289Fetching tins 1.24.1
290Installing tins 1.24.1
291Fetching ruby_parser 3.14.2
292Installing ruby_parser 3.14.2
293Fetching faraday 0.15.4
294Installing faraday 0.15.4
295Fetching travis-config 1.1.3
296Installing travis-config 1.1.3
297Fetching avl_tree 1.2.1
298Installing avl_tree 1.2.1
299Fetching mustermann 2.0.2
300Installing mustermann 2.0.2
301Fetching puma 4.3.12
302Installing puma 4.3.12 with native extensions
303Fetching rack-cors 1.1.1
304Installing rack-cors 1.1.1
305Fetching rack-protection 2.2.3
306Installing rack-protection 2.2.3
307Fetching protocol 2.0.0
308Installing protocol 2.0.0
309Fetching faraday_middleware 0.14.0
310Installing faraday_middleware 0.14.0
311Fetching sentry-raven 2.9.0
312Installing sentry-raven 2.9.0
313Fetching metriks 0.9.9.8
314Installing metriks 0.9.9.8
315Fetching sinatra 2.2.3
316Installing sinatra 2.2.3
317Fetching mize 0.4.0
318Installing mize 0.4.0
319Fetching metriks-librato_metrics 1.0.6
320Installing metriks-librato_metrics 1.0.6
321Fetching sinatra-contrib 2.2.3
322Installing sinatra-contrib 2.2.3
323Fetching amatch 0.4.0
324Installing amatch 0.4.0 with native extensions
325Bundle complete! 17 Gemfile dependencies, 41 gems now installed.
326Gems in the groups 'development' and 'test' were not installed.
327Bundled gems are installed into `./vendor/bundle`
328Post-install message from atomic:
329This gem has been deprecated and merged into Concurrent Ruby (http://concurrent-ruby.com).
330Removing intermediate container 4698c35260fd
331 ---> fbbb57fb5cb9
332Step 13/18 : FROM base
333 ---> f3ad9f51aed7
334Step 14/18 : LABEL maintainer Travis CI GmbH <support+travis-live-docker-images@travis-ci.com>
335 ---> Running in b5aefc015ffc
336Removing intermediate container b5aefc015ffc
337 ---> 70ff9b805050
338Step 15/18 : COPY --from=builder /usr/local/bundle /usr/local/bundle
339 ---> caacff986f1c
340Step 16/18 : COPY --from=builder /app/vendor ./vendor
341 ---> 99fb513d9f8e
342Step 17/18 : COPY . ./
343 ---> b74d2f1a1d63
344Step 18/18 : CMD ["bundle", "exec", "puma", "-C", "lib/travis/yml/web/puma.rb"]
345 ---> Running in 8026d8f8a2bb
346Removing intermediate container 8026d8f8a2bb
347 ---> 8f6fe17e0e50
348Successfully built 8f6fe17e0e50
349Successfully tagged travisci/travis-yml:5e64e02
350docker login -u=[secure] -p=[secure] quay.io
351WARNING! Using --password via the CLI is insecure. Use --password-stdin.
352WARNING! Your password will be stored unencrypted in /home/travis/.docker/config.json.
353Configure a credential helper to remove this warning. See
354https://docs.docker.com/engine/reference/commandline/login/#credentials-store
356Login Succeeded
357docker tag travisci/travis-yml:5e64e02 quay.io/travisci/travis-yml:5e64e02-enterprise-3.0
358docker push quay.io/travisci/travis-yml:5e64e02-enterprise-3.0
359The push refers to repository [quay.io/travisci/travis-yml]
360f0a39d3f7950: Preparing
361afa9cf1003ce: Preparing
36238d4af8463f7: Preparing
3634cc9626f8927: Preparing
364f68b97eb95b9: Preparing
365ceed96a5eb55: Preparing
36608fd1ccefd4b: Preparing
367bb071dfcf595: Preparing
3689ce6f9af70fc: Preparing
36972325fcd36b7: Preparing
370833c59850580: Preparing
3713471fad30f0e: Preparing
3729c1b6dd6c1e6: Preparing
373ceed96a5eb55: Waiting
37408fd1ccefd4b: Waiting
375bb071dfcf595: Waiting
3769ce6f9af70fc: Waiting
37772325fcd36b7: Waiting
378833c59850580: Waiting
3793471fad30f0e: Waiting
3809c1b6dd6c1e6: Waiting
3814cc9626f8927: Pushed
382f68b97eb95b9: Pushed
383f0a39d3f7950: Pushed
38438d4af8463f7: Pushed
3859ce6f9af70fc: Layer already exists
386afa9cf1003ce: Pushed
38708fd1ccefd4b: Pushed
38872325fcd36b7: Layer already exists
389833c59850580: Layer already exists
3909c1b6dd6c1e6: Layer already exists
3913471fad30f0e: Layer already exists
392ceed96a5eb55: Pushed
393bb071dfcf595: Pushed
3945e64e02-enterprise-3.0: digest: sha256:3ee92f628db55978bd0bcc3dd91505e430e4eebc0b935698eb6d4a314739adaf size: 3041
395docker run --rm -v /tmp:/root/.cache/ -v /var/run/docker.sock:/var/run/docker.sock aquasec/trivy i --ignore-unfixed quay.io/travisci/travis-yml:5e64e02-enterprise-3.0
396Unable to find image 'aquasec/trivy:latest' locally
397latest: Pulling from aquasec/trivy
3984abcf2066143: Pulling fs layer
399bd6651fa9674: Pulling fs layer
400e8ba746a6b5b: Pulling fs layer
401405581c47843: Pulling fs layer
402405581c47843: Waiting
403bd6651fa9674: Verifying Checksum
404bd6651fa9674: Download complete
4054abcf2066143: Verifying Checksum
4064abcf2066143: Download complete
4074abcf2066143: Pull complete
408e8ba746a6b5b: Verifying Checksum
409e8ba746a6b5b: Download complete
410405581c47843: Verifying Checksum
411405581c47843: Download complete
412bd6651fa9674: Pull complete
413e8ba746a6b5b: Pull complete
414405581c47843: Pull complete
415Digest: sha256:3cd377b27f4b9e52fc66e4b62c9b73b15bd07f0f5dfb7cdb9f21aeaaf72dbd9e
416Status: Downloaded newer image for aquasec/trivy:latest
4172024-05-08T07:01:08Z INFO Need to update DB
4182024-05-08T07:01:08Z INFO Downloading DB... repository="ghcr.io/aquasecurity/trivy-db:2"
41922.35 MiB / 45.97 MiB [----------------------------->_______________________________] 48.62% ? p/s ?45.97 MiB / 45.97 MiB [----------------------------------------------------------->] 100.00% ? p/s ?45.97 MiB / 45.97 MiB [----------------------------------------------------------->] 100.00% ? p/s ?45.97 MiB / 45.97 MiB [---------------------------------------------->] 100.00% 39.36 MiB p/s ETA 0s45.97 MiB / 45.97 MiB [---------------------------------------------->] 100.00% 39.36 MiB p/s ETA 0s45.97 MiB / 45.97 MiB [---------------------------------------------->] 100.00% 39.36 MiB p/s ETA 0s45.97 MiB / 45.97 MiB [---------------------------------------------->] 100.00% 36.82 MiB p/s ETA 0s45.97 MiB / 45.97 MiB [---------------------------------------------->] 100.00% 36.82 MiB p/s ETA 0s45.97 MiB / 45.97 MiB [---------------------------------------------->] 100.00% 36.82 MiB p/s ETA 0s45.97 MiB / 45.97 MiB [---------------------------------------------->] 100.00% 34.45 MiB p/s ETA 0s45.97 MiB / 45.97 MiB [-------------------------------------------------] 100.00% 25.32 MiB p/s 2.0s2024-05-08T07:01:10Z INFO Vulnerability scanning is enabled
4202024-05-08T07:01:10Z INFO Secret scanning is enabled
4212024-05-08T07:01:10Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
4222024-05-08T07:01:10Z INFO Please see also https://aquasecurity.github.io/trivy/v0.51/docs/scanner/secret/#recommendation for faster secret detection
4232024-05-08T07:01:21Z INFO Detected OS family="debian" version="11.9"
4242024-05-08T07:01:21Z INFO [debian] Detecting vulnerabilities... os_version="11" pkg_num=120
4252024-05-08T07:01:21Z INFO Number of language-specific files num=3
4262024-05-08T07:01:21Z INFO [cargo] Detecting vulnerabilities...
4272024-05-08T07:01:21Z INFO [gemspec] Detecting vulnerabilities...
4282024-05-08T07:01:21Z INFO Table result includes only package filenames. Use '--format json' option to get the full path to the package file.
430quay.io/travisci/travis-yml:5e64e02-enterprise-3.0 (debian 11.9)
431================================================================
432Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)
435Ruby (gemspec)
436==============
437Total: 14 (UNKNOWN: 0, LOW: 1, MEDIUM: 7, HIGH: 6, CRITICAL: 0)
439┌───────────────────────────────────┬────────────────┬──────────┬────────┬───────────────────┬──────────────────────────────────────────────────────────┬────────────────────────────────────────────────────────────┐
440│ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │
441├───────────────────────────────────┼────────────────┼──────────┼────────┼───────────────────┼──────────────────────────────────────────────────────────┼────────────────────────────────────────────────────────────┤
442│ json (json-2.1.0.gemspec) │ CVE-2020-10663 │ HIGH │ fixed │ 2.1.0 │ >= 2.3.0 │ rubygem-json: Unsafe object creation vulnerability in JSON │
443│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2020-10663 │
444├───────────────────────────────────┼────────────────┼──────────┤ ├───────────────────┼──────────────────────────────────────────────────────────┼─────────────────────────���──────────────────────────────────┤
445│ puma (puma-4.3.12.gemspec) │ CVE-2023-40175 │ MEDIUM │ │ 4.3.12 │ ~> 5.6.7, >= 6.3.1 │ rubygem-puma: HTTP request smuggling when parsing chunked │
446│ │ │ │ │ │ │ transfer encoding bodies and zero-length... │
447│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40175 │
448│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────┼────────────────────────────────────────────────────────────┤
449│ │ CVE-2024-21647 │ │ │ │ ~> 5.6.8, >= 6.4.2 │ rubygem-puma: HTTP request smuggling when parsing chunked │
450│ │ │ │ │ │ │ Transfer-Encoding Bodies │
451│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-21647 │
452├───────────────────────────────────┼────────────────┼──────────┤ ├───────────────────┼──────────────────────────────────────────────────────────┼────────────────────────────────────────────────────────────┤
453│ rack (rack-2.2.4.gemspec) │ CVE-2022-44570 │ HIGH │ │ 2.2.4 │ ~> 2.0.9, >= 2.0.9.2, ~> 2.1.4, >= 2.1.4.2, ~> 2.2.6, >= │ rubygem-rack: denial of service in Content-Disposition │
454│ │ │ │ │ │ 2.2.6.2, >= 3.0.4.1 │ parsing │
455│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-44570 │
456│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────┼────────────────────────────────────────────────────────────┤
457│ │ CVE-2022-44571 │ │ │ │ ~> 2.0.9, >= 2.0.9.2, ~> 2.1.4, >= 2.1.4.2, ~> 2.2.6, >= │ rubygem-rack: denial of service in Content-Disposition │
458│ │ │ │ │ │ 2.2.6.1, >= 3.0.4.1 │ parsing │
459│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-44571 │
460│ ├────────────────┤ │ │ │ ├────────────────────────────────────────────────────────────┤
461│ │ CVE-2022-44572 │ │ │ │ │ rubygem-rack: denial of service in Content-Disposition │
462│ │ │ │ │ │ │ parsing │
463│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-44572 │
464│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────┼────────────────────────────────────────────────────────────┤
465│ │ CVE-2023-27530 │ │ │ │ ~> 2.0.9, >= 2.0.9.3, ~> 2.1.4, >= 2.1.4.3, ~> 2.2.6, >= │ rubygem-rack: Denial of service in Multipart MIME parsing │
466│ │ │ │ │ │ 2.2.6.3, >= 3.0.4.2 │ https://avd.aquasec.com/nvd/cve-2023-27530 │
467│ ├────────────────┼──────────┤ │ ├──────────────────────────────────────────────────────────┼────────────────────────────────────────────────────────────┤
468│ │ CVE-2023-27539 │ MEDIUM │ │ │ ~> 2.0, >= 2.2.6.4, >= 3.0.6.1 │ rubygem-rack: denial of service in header parsing │
469│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27539 │
470│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────┼────────────────────────────────────────────────────────────┤
471│ │ CVE-2024-25126 │ │ │ │ ~> 2.2.8, >= 2.2.8.1, >= 3.0.9.1 │ rubygem-rack: Denial of Service Vulnerability in Rack │
472│ │ │ │ │ │ │ Content-Type Parsing │
473│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-25126 │
474│ ├────────────────┤ │ │ │ ├────────────────────────────────────────────────────────────┤
475│ │ CVE-2024-26141 │ │ │ │ │ rubygem-rack: Possible DoS Vulnerability with Range Header │
476│ │ │ │ │ │ │ in Rack │
477│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-26141 │
478│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────┼────────────────────────────────────────────────────────────┤
479│ │ CVE-2024-26146 │ │ │ │ ~> 2.0.9, >= 2.0.9.4, ~> 2.1.4, >= 2.1.4.4, ~> 2.2.8, >= │ rubygem-rack: Possible Denial of Service Vulnerability in │
480│ │ │ │ │ │ 2.2.8.1, >= 3.0.9.1 │ Rack Header Parsing │
481│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-26146 │
482├───────────────────────────────────┼────────────────┤ │ ├───────────────────┼──────────────────────────────────────────────────────────┼──────────────────────────────────────────���─────────────────┤
483│ rdoc (rdoc-6.1.2.1.gemspec) │ CVE-2024-27281 │ │ │ 6.1.2.1 │ ~> 6.3.4, >= 6.3.4.1, ~> 6.4.1, >= 6.4.1.1, >= 6.5.1.1 │ ruby: RCE vulnerability with .rdoc_options in RDoc │
484│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-27281 │
485├───────────────────────────────────┼────────────────┼──────────┤ ├───────────────────┼──────────────────────────────────────────────────────────┼────────────────────────────────────────────────────────────┤
486│ stringio (stringio-0.0.2.gemspec) │ CVE-2024-27280 │ LOW │ │ 0.0.2 │ >= 3.0.1.1 │ ruby: Buffer overread vulnerability in StringIO │
487│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-27280 │
488├───────────────────────────────────┼────────────────┼──────────┤ ├───────────────────┼──────────────────────────────────────────────────────────┼────────────────────────────────────────────────────────────┤
489│ webrick (webrick-1.4.4.gemspec) │ CVE-2020-25613 │ HIGH │ │ 1.4.4 │ >= 1.6.1 │ ruby: Potential HTTP request smuggling in WEBrick │
490│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2020-25613 │
491└───────────────────────────────────┴────────────────┴──────────┴────────┴───────────────────┴──────────────────────────────────────────────────────────┴────────────────────────────────────────────────────────────┘
493usr/local/bundle/gems/rubygems-update-3.4.13/test/rubygems/test_gem_ext_cargo_builder/custom_name/ext/custom_name_lib/Cargo.lock (cargo)
494========================================================================================================================================
495Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0)
497┌─────────┬─────────────────────┬──────────┬────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────┐
498│ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │
499├─────────┼─────────────────────┼──────────┼────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────┤
500│ shlex │ GHSA-r7qv-8r2h-pg27 │ HIGH │ fixed │ 1.1.0 │ 1.3.0 │ Multiple issues involving quote API in shlex │
501│ │ │ │ │ │ │ https://github.com/advisories/GHSA-r7qv-8r2h-pg27 │
502└─────────┴─────────────────────┴──────────┴────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────┘
504usr/local/bundle/gems/rubygems-update-3.4.13/test/rubygems/test_gem_ext_cargo_builder/rust_ruby_example/Cargo.lock (cargo)
505==========================================================================================================================
506Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0)
508┌─────────┬─────────────────────┬──────────┬────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────┐
509│ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │
510├─────────┼─────────────────────┼──────────┼────────┼───────────────────┼───────────────���───────────────────────────────────────────────────┤
511│ shlex │ GHSA-r7qv-8r2h-pg27 │ HIGH │ fixed │ 1.1.0 │ 1.3.0 │ Multiple issues involving quote API in shlex │
512│ │ │ │ │ │ │ https://github.com/advisories/GHSA-r7qv-8r2h-pg27 │
513└─────────┴─────────────────────┴──────────┴────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────┘
514The command "make ship" exited with 0.
517Done. Your build exited with 0.
Top