mirror of
https://github.com/fleetdm/fleet
synced 2026-04-27 08:27:42 +00:00
c557bcb782
Update our `security/status.md` file after analyzing currently reported vulnerabilities. https://github.com/fleetdm/fleet/actions/runs/20115346825 <img width="1711" height="645" alt="Screenshot 2025-12-10 at 7 41 00 PM" src="https://github.com/user-attachments/assets/97e17b58-50a8-4556-9ceb-bcb6701d7d61" />
26 lines
794 B
JSON
26 lines
794 B
JSON
{
|
|
"@context": "https://openvex.dev/ns/v0.2.0",
|
|
"@id": "https://openvex.dev/docs/public/vex-205287daa41f5f47e114aa1b974930f4188026e04e84d1d2009d64a6b30d7ef8",
|
|
"author": "@lucasmrod",
|
|
"timestamp": "2025-12-10T19:04:42.718401-03:00",
|
|
"version": 1,
|
|
"statements": [
|
|
{
|
|
"vulnerability": {
|
|
"name": "CVE-2025-65018"
|
|
},
|
|
"timestamp": "2025-12-10T19:04:42.718402-03:00",
|
|
"products": [
|
|
{
|
|
"@id": "fleetctl"
|
|
},
|
|
{
|
|
"@id": "pkg:deb/debian/libpng16-16"
|
|
}
|
|
],
|
|
"status": "not_affected",
|
|
"status_notes": "fleetdm/fleetctl does not use libpng. Fleet components use the 'image/png' Go package for png processing",
|
|
"justification": "vulnerable_code_cannot_be_controlled_by_adversary"
|
|
}
|
|
]
|
|
}
|