CVEs Impacting Pipelines

JFrog Release Information

| CVE | Severity | Pipelines Fix Version | Reason |
| --- | --- | --- | --- |
| CVE-2022-24921 | High | 1.27.0 | A user can cause stack exhaustion using JFrog CLI in a step, but this would merely lead to the step failing. |
| CVE-2022-30634 | High | 1.27.0 | JFrog CLI prevents the user from passing a max buffer. |
| CVE-2022-0235 | Medium | 1.24.0 | Removed the node-fetch dependency. |