CVEs Impacting Xray


The following is a list of CVEs that were discovered to impact Xray and were fixed.

| CVE | Severity | Xray Fix Version | Fix Description |
|---|---|---|---|
| CVE-2022-31030 | Medium | 3.60.2 | Upgraded github.com/containerd/containerd version to 1.5.13. |
| CVE-2022-28948 | High | 3.60.2 | Upgraded gopkg.in/yaml.v3:3.0.0-20200313102051 version to gopkg.in/yaml.v3:3.0.1. |
| CVE-2022-27664 | High | 3.60.2, 3.61.5 | Upgraded golang.org/x/net v0.0.0-20220722155237 to golang.org/x/net version 0.1.0. Upgraded golang.org/x/sys v0.0.0-20220722155237 to golang.org/x/sys v0.1.0. Upgraded golang.org/x/net v0.3.7 to golang.org/x/text v0.4.0. |
| CVE-2022-32149 | High | 3.60.2 | Upgraded from 0.3.7 to 0.3.8. |
| CVE-2022-32189 | High | 3.59.4 | Upgraded Golang version to 1.18.5. |
| CVE-2021-38197 | Critical | 3.57.6 | Upgraded go-unarr library to version v0.1.4. |
| CVE-2022-29526 | Medium | 3.55.2 | Upgraded Golang version to 1.18.4. |
| CVE-2022-30634 | High | 3.55.2 | Upgraded Golang version to 1.18.4. |
| CVE-2022-30632 | High | 3.55.2 | Upgraded Golang version to 1.18.4. |
| CVE-2022-30630 | High | 3.55.2 | Upgraded Golang version to 1.18.4. |
| CVE-2022-30631 | High | 3.55.2 | Upgraded Golang version to 1.18.4. |
| CVE-2022-24769 | Medium | 3.54.5 | Upgraded Containerd version to 1.5.11. |
| CVE-2022-29526 | Medium | 3.54.5 | Upgraded Golang version to 1.17.11. |
| CVE-2022-23806 | Critical | 3.50.3 | Upgraded JFrog router version to 7.39.0. |
| CVE-2022-27191 | High | 3.49.0 | Upgraded golang.org/x/crypto to v0.0.0-20220314234659-1baeb1ce4c0. |
| CVE-2022-24675 | High | 3.48.2 | Upgraded Golang version to 1.17.9. |
| CVE-2022-24921 | High | 3.48.2 | Upgraded Golang version to 1.17.9. |
| CVE-2021-43816 | Critical | 3.42.3 | Upgraded Containerd version to 1.5.9. |
| CVE-2021-44717 | Medium | 3.41.4 | Upgraded Golang version to 1.17.5. |
| CVE-2021-44716 | High | 3.41.4 | Upgraded Golang version to 1.17.5. |
| CVE-2021-41771 | High | 3.38.1 | Upgraded Golang version to 1.17.3. |
| CVE-2021-33196 | High | 3.34.1 | Upgraded Golang version to 1.15.13, 1.16.5. |