.github/workflows/test-fs-action-sarif.yaml #9
This run and associated checks have been archived and are scheduled for deletion.
test-fs-action-sarif.yaml
on: workflow_dispatch
fs_scan_job
29s
Annotations
10 errors
[HIGH] AWS Access Key ID:
test/samples/my-secrets.tf#L1
Details:
Access keys are long-term credentials for an IAM user or the AWS account root
user. You can use access keys to sign programmatic requests to the AWS CLI or AWS
API (directly or using the AWS SDK).
Recommendation:
Take immediate action to mitigate the risk of the identified hard-coded secret by
locating where it is used, revoking it, and ensuring it is updated in all
dependent systems.
|
django (CVE-2023-31047):
test/samples/poetry.lock#L1
Severity: CRITICAL
CVSS3 Score: 9.8
Installed version: 3.2.14
Fixed version: 3.2.19, 4.1.9, 4.2.1
|
joblib (CVE-2022-21797):
test/samples/poetry.lock#L1
Severity: CRITICAL
CVSS3 Score: 9.8
Installed version: 1.1.0
Fixed version: 1.2.0
|
werkzeug (CVE-2022-29361):
test/samples/poetry.lock#L1
Severity: CRITICAL
CVSS2 Score: 7.5
CVSS3 Score: 9.8
Installed version: 2.0.3
Fixed version: 2.1.1
|
certifi (CVE-2022-23491):
test/samples/poetry.lock#L1
Severity: HIGH
CVSS3 Score: 7.5
Installed version: 2021.10.8
Fixed version: 2022.12.7
|
cryptography (CVE-2023-0286):
test/samples/poetry.lock#L1
Severity: HIGH
CVSS3 Score: 7.4
Installed version: 3.4.7
Fixed version: 39.0.1
|
django (CVE-2022-36359):
test/samples/poetry.lock#L1
Severity: HIGH
CVSS3 Score: 8.8
Installed version: 3.2.14
Fixed version: 3.2.15, 4.0.7
|
django (CVE-2022-41323):
test/samples/poetry.lock#L1
Severity: HIGH
CVSS3 Score: 7.5
Installed version: 3.2.14
Fixed version: 3.2.16, 4.0.8, 4.1.2
|
django (CVE-2023-23969):
test/samples/poetry.lock#L1
Severity: HIGH
CVSS3 Score: 7.5
Installed version: 3.2.14
Fixed version: 3.2.17, 4.0.9, 4.1.6
|
django (CVE-2023-24580):
test/samples/poetry.lock#L1
Severity: HIGH
CVSS3 Score: 7.5
Installed version: 3.2.14
Fixed version: 3.2.18, 4.0.10, 4.1.7
|