Critical vulnerability for rack 0.0.0 in docker-scout #495

IainMcHugh · 2024-03-14T12:56:57Z

IainMcHugh
Mar 14, 2024

Hello

I am currently using "@pact-foundation/pact": "^12.3.0" as a dev dependency in a NextJS project. Docker-scout is listing a critical vulnerability for rack 0.0.0 , and the package path is:

Type: gem
Location: 
  /node_modules/@pact-foundation/pact-core/standalone/darwin-arm64-2.4.2/pact/lib/vendor/ruby/3.2.0/gems/rack-2.2.8.1/rack.gemspec
  /node_modules/@pact-foundation/pact-core/standalone/darwin-x64-2.4.2/pact/lib/vendor/ruby/3.2.0/gems/rack-2.2.8.1/rack.gemspec
  /node_modules/@pact-foundation/pact-core/standalone/linux-arm64-2.4.2/pact/lib/vendor/ruby/3.2.0/gems/rack-2.2.8.1/rack.gemspec
  /node_modules/@pact-foundation/pact-core/standalone/linux-x64-2.4.2/pact/lib/vendor/ruby/3.2.0/gems/rack-2.2.8.1/rack.gemspec
  /node_modules/@pact-foundation/pact-core/standalone/windows-x64-2.4.2/pact/lib/vendor/ruby/3.2.0/gems/rack-2.2.8.1/rack.gemspec

We upgraded the @pact-foundation/pact version based on this issue hoping it would fix this but the location is linking back to @pact-foundation/pact-core

YOU54F · 2024-06-17T18:12:49Z

YOU54F
Jun 17, 2024
Maintainer

Please see response on #501

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Critical vulnerability for rack 0.0.0 in docker-scout #495

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Replies: 1 comment

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Critical vulnerability for rack 0.0.0 in docker-scout #495

Uh oh!

Uh oh!

IainMcHugh Mar 14, 2024

Replies: 1 comment

Uh oh!

YOU54F Jun 17, 2024 Maintainer

IainMcHugh
Mar 14, 2024

YOU54F
Jun 17, 2024
Maintainer