Security vulnerabilities #11208

@aep-sunlife

Docker Scout indicates vulnerabilities across various versions of the gh command line tool, including the latest stable release version 2.74.2.

$ docker scout cves -e fs://gh
    ✓ File system read
    ✓ Indexed 168 packages
    ✗ Detected 1 vulnerable package with 1 vulnerability


## Overview

                    │        Analyzed path         
────────────────────┼──────────────────────────────
  Target            │  fs://gh                     
    vulnerabilities │    0C     0H     1M     0L   


## Packages and Vulnerabilities

   0C     0H     1M     0L  github.com/go-viper/mapstructure/v2 2.2.1
pkg:golang/github.com/go-viper/mapstructure@2.2.1#v2

    ✗ MEDIUM GHSA-fv92-fjc5-jj9h [Insertion of Sensitive Information into Log File]
      https://scout.docker.com/v/GHSA-fv92-fjc5-jj9h
      Affected range : <2.3.0                                        
      Fixed version  : 2.3.0                                         
      CVSS Score     : 5.3                                           
      CVSS Vector    : CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N  
    


1 vulnerability found in 1 package
  CRITICAL  0  
  HIGH      0  
  MEDIUM    1  
  LOW       0

Also recommend regularly scanning the project with the standard govulncheck SCA tool, to catch these problems sooner.
