Vulnerability	Vulnerable Version
M Use of Incorrectly-Resolved Name or Reference @cyclonedx/cdxgen is a Creates CycloneDX Software Bill of Materials (SBOM) from source or container image Affected versions of this package are vulnerable to Use of Incorrectly-Resolved Name or Reference in path resolution performed in `docker.js`, before credential selection. An attacker who controls a malicious public registry whose hostname is a suffix (right side substring) match for a private registry for which a user has credentials in the `X-Registry-Auth` header, can expose those private registry credentials by convincing the user to scan or pull an image from the malicious registry. How to fix Use of Incorrectly-Resolved Name or Reference? Upgrade `@cyclonedx/cdxgen` to version 12.3.3 or higher.	>=9.9.5 <12.3.3

Use of Incorrectly-Resolved Name or Reference

@cyclonedx/cdxgen is a Creates CycloneDX Software Bill of Materials (SBOM) from source or container image

Affected versions of this package are vulnerable to Use of Incorrectly-Resolved Name or Reference in path resolution performed in docker.js, before credential selection. An attacker who controls a malicious public registry whose hostname is a suffix (right side substring) match for a private registry for which a user has credentials in the X-Registry-Auth header, can expose those private registry credentials by convincing the user to scan or pull an image from the malicious registry.

How to fix Use of Incorrectly-Resolved Name or Reference?

Upgrade @cyclonedx/cdxgen to version 12.3.3 or higher.

>=9.9.5 <12.3.3

Go back to all versions of this package