2021-12-12 22:42:29 +00:00
---
hide:
- toc
---
# Security Overview
< link href = "https://truecharts.org/_static/trivy.css" type = "text/css" rel = "stylesheet" / >
## Helm-Chart
##### Scan Results
#### Chart Object: firefox/templates/common.yaml
2021-12-13 11:05:05 +00:00
2021-12-12 22:42:29 +00:00
| Type | Misconfiguration ID | Check | Severity | Explaination | Links |
|:----------------|:------------------:|:-----------:|:------------------:|-----------------------------------------|-----------------------------------------|
2022-03-02 12:51:49 +00:00
| Kubernetes Security Check | KSV001 | Process can elevate its own privileges | MEDIUM | < details > < summary > Expand...< / summary > A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node. < br > < hr > < br > Container ' hostpatch' of Deployment ' RELEASE-NAME-firefox' should set ' securityContext.allowPrivilegeEscalation' to false < / details > | < details > < summary > Expand...< / summary > < a href = "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted" > https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted< / a > < br > < a href = "https://avd.aquasec.com/appshield/ksv001" > https://avd.aquasec.com/appshield/ksv001< / a > < br > < / details > |
2021-12-12 22:42:29 +00:00
| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | < details > < summary > Expand...< / summary > The container should drop all default capabilities and add only those that are needed for its execution. < br > < hr > < br > Container ' RELEASE-NAME-firefox' of Deployment ' RELEASE-NAME-firefox' should add ' ALL' to ' securityContext.capabilities.drop' < / details > | < details > < summary > Expand...< / summary > < a href = "https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/" > https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/< / a > < br > < a href = "https://avd.aquasec.com/appshield/ksv003" > https://avd.aquasec.com/appshield/ksv003< / a > < br > < / details > |
2022-03-02 12:51:49 +00:00
| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | < details > < summary > Expand...< / summary > The container should drop all default capabilities and add only those that are needed for its execution. < br > < hr > < br > Container ' hostpatch' of Deployment ' RELEASE-NAME-firefox' should add ' ALL' to ' securityContext.capabilities.drop' < / details > | < details > < summary > Expand...< / summary > < a href = "https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/" > https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/< / a > < br > < a href = "https://avd.aquasec.com/appshield/ksv003" > https://avd.aquasec.com/appshield/ksv003< / a > < br > < / details > |
| Kubernetes Security Check | KSV011 | CPU not limited | LOW | < details > < summary > Expand...< / summary > Enforcing CPU limits prevents DoS via resource exhaustion. < br > < hr > < br > Container ' hostpatch' of Deployment ' RELEASE-NAME-firefox' should set ' resources.limits.cpu' < / details > | < details > < summary > Expand...< / summary > < a href = "https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits" > https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits< / a > < br > < a href = "https://avd.aquasec.com/appshield/ksv011" > https://avd.aquasec.com/appshield/ksv011< / a > < br > < / details > |
2021-12-12 22:42:29 +00:00
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | < details > < summary > Expand...< / summary > ' runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges. < br > < hr > < br > Container ' RELEASE-NAME-firefox' of Deployment ' RELEASE-NAME-firefox' should set ' securityContext.runAsNonRoot' to true < / details > | < details > < summary > Expand...< / summary > < a href = "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted" > https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted< / a > < br > < a href = "https://avd.aquasec.com/appshield/ksv012" > https://avd.aquasec.com/appshield/ksv012< / a > < br > < / details > |
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | < details > < summary > Expand...< / summary > ' runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges. < br > < hr > < br > Container ' autopermissions' of Deployment ' RELEASE-NAME-firefox' should set ' securityContext.runAsNonRoot' to true < / details > | < details > < summary > Expand...< / summary > < a href = "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted" > https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted< / a > < br > < a href = "https://avd.aquasec.com/appshield/ksv012" > https://avd.aquasec.com/appshield/ksv012< / a > < br > < / details > |
2022-03-02 12:51:49 +00:00
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | < details > < summary > Expand...< / summary > ' runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges. < br > < hr > < br > Container ' hostpatch' of Deployment ' RELEASE-NAME-firefox' should set ' securityContext.runAsNonRoot' to true < / details > | < details > < summary > Expand...< / summary > < a href = "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted" > https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted< / a > < br > < a href = "https://avd.aquasec.com/appshield/ksv012" > https://avd.aquasec.com/appshield/ksv012< / a > < br > < / details > |
2022-01-20 16:17:06 +00:00
| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | < details > < summary > Expand...< / summary > An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk. < br > < hr > < br > Container ' RELEASE-NAME-firefox' of Deployment ' RELEASE-NAME-firefox' should set ' securityContext.readOnlyRootFilesystem' to true < / details > | < details > < summary > Expand...< / summary > < a href = "https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/" > https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/< / a > < br > < a href = "https://avd.aquasec.com/appshield/ksv014" > https://avd.aquasec.com/appshield/ksv014< / a > < br > < / details > |
2021-12-12 22:42:29 +00:00
| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | < details > < summary > Expand...< / summary > An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk. < br > < hr > < br > Container ' autopermissions' of Deployment ' RELEASE-NAME-firefox' should set ' securityContext.readOnlyRootFilesystem' to true < / details > | < details > < summary > Expand...< / summary > < a href = "https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/" > https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/< / a > < br > < a href = "https://avd.aquasec.com/appshield/ksv014" > https://avd.aquasec.com/appshield/ksv014< / a > < br > < / details > |
2022-03-02 12:51:49 +00:00
| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | < details > < summary > Expand...< / summary > An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk. < br > < hr > < br > Container ' hostpatch' of Deployment ' RELEASE-NAME-firefox' should set ' securityContext.readOnlyRootFilesystem' to true < / details > | < details > < summary > Expand...< / summary > < a href = "https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/" > https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/< / a > < br > < a href = "https://avd.aquasec.com/appshield/ksv014" > https://avd.aquasec.com/appshield/ksv014< / a > < br > < / details > |
| Kubernetes Security Check | KSV015 | CPU requests not specified | LOW | < details > < summary > Expand...< / summary > When containers have resource requests specified, the scheduler can make better decisions about which nodes to place pods on, and how to deal with resource contention. < br > < hr > < br > Container ' hostpatch' of Deployment ' RELEASE-NAME-firefox' should set ' resources.requests.cpu' < / details > | < details > < summary > Expand...< / summary > < a href = "https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits" > https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits< / a > < br > < a href = "https://avd.aquasec.com/appshield/ksv015" > https://avd.aquasec.com/appshield/ksv015< / a > < br > < / details > |
| Kubernetes Security Check | KSV016 | Memory requests not specified | LOW | < details > < summary > Expand...< / summary > When containers have memory requests specified, the scheduler can make better decisions about which nodes to place pods on, and how to deal with resource contention. < br > < hr > < br > Container ' hostpatch' of Deployment ' RELEASE-NAME-firefox' should set ' resources.requests.memory' < / details > | < details > < summary > Expand...< / summary > < a href = "https://kubesec.io/basics/containers-resources-limits-memory/" > https://kubesec.io/basics/containers-resources-limits-memory/< / a > < br > < a href = "https://avd.aquasec.com/appshield/ksv016" > https://avd.aquasec.com/appshield/ksv016< / a > < br > < / details > |
| Kubernetes Security Check | KSV017 | Privileged container | HIGH | < details > < summary > Expand...< / summary > Privileged containers share namespaces with the host system and do not offer any security. They should be used exclusively for system containers that require high privileges. < br > < hr > < br > Container ' hostpatch' of Deployment ' RELEASE-NAME-firefox' should set ' securityContext.privileged' to false < / details > | < details > < summary > Expand...< / summary > < a href = "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline" > https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline< / a > < br > < a href = "https://avd.aquasec.com/appshield/ksv017" > https://avd.aquasec.com/appshield/ksv017< / a > < br > < / details > |
| Kubernetes Security Check | KSV018 | Memory not limited | LOW | < details > < summary > Expand...< / summary > Enforcing memory limits prevents DoS via resource exhaustion. < br > < hr > < br > Container ' hostpatch' of Deployment ' RELEASE-NAME-firefox' should set ' resources.limits.memory' < / details > | < details > < summary > Expand...< / summary > < a href = "https://kubesec.io/basics/containers-resources-limits-memory/" > https://kubesec.io/basics/containers-resources-limits-memory/< / a > < br > < a href = "https://avd.aquasec.com/appshield/ksv018" > https://avd.aquasec.com/appshield/ksv018< / a > < br > < / details > |
2021-12-12 22:42:29 +00:00
| Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM | < details > < summary > Expand...< / summary > Force the container to run with user ID > 10000 to avoid conflicts with the host’ s user table. < br > < hr > < br > Container ' RELEASE-NAME-firefox' of Deployment ' RELEASE-NAME-firefox' should set ' securityContext.runAsUser' > 10000 < / details > | < details > < summary > Expand...< / summary > < a href = "https://kubesec.io/basics/containers-securitycontext-runasuser/" > https://kubesec.io/basics/containers-securitycontext-runasuser/< / a > < br > < a href = "https://avd.aquasec.com/appshield/ksv020" > https://avd.aquasec.com/appshield/ksv020< / a > < br > < / details > |
| Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM | < details > < summary > Expand...< / summary > Force the container to run with user ID > 10000 to avoid conflicts with the host’ s user table. < br > < hr > < br > Container ' autopermissions' of Deployment ' RELEASE-NAME-firefox' should set ' securityContext.runAsUser' > 10000 < / details > | < details > < summary > Expand...< / summary > < a href = "https://kubesec.io/basics/containers-securitycontext-runasuser/" > https://kubesec.io/basics/containers-securitycontext-runasuser/< / a > < br > < a href = "https://avd.aquasec.com/appshield/ksv020" > https://avd.aquasec.com/appshield/ksv020< / a > < br > < / details > |
2022-03-02 12:51:49 +00:00
| Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM | < details > < summary > Expand...< / summary > Force the container to run with user ID > 10000 to avoid conflicts with the host’ s user table. < br > < hr > < br > Container ' hostpatch' of Deployment ' RELEASE-NAME-firefox' should set ' securityContext.runAsUser' > 10000 < / details > | < details > < summary > Expand...< / summary > < a href = "https://kubesec.io/basics/containers-securitycontext-runasuser/" > https://kubesec.io/basics/containers-securitycontext-runasuser/< / a > < br > < a href = "https://avd.aquasec.com/appshield/ksv020" > https://avd.aquasec.com/appshield/ksv020< / a > < br > < / details > |
2021-12-12 22:42:29 +00:00
| Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM | < details > < summary > Expand...< / summary > Force the container to run with group ID > 10000 to avoid conflicts with the host’ s user table. < br > < hr > < br > Container ' RELEASE-NAME-firefox' of Deployment ' RELEASE-NAME-firefox' should set ' securityContext.runAsGroup' > 10000 < / details > | < details > < summary > Expand...< / summary > < a href = "https://kubesec.io/basics/containers-securitycontext-runasuser/" > https://kubesec.io/basics/containers-securitycontext-runasuser/< / a > < br > < a href = "https://avd.aquasec.com/appshield/ksv021" > https://avd.aquasec.com/appshield/ksv021< / a > < br > < / details > |
| Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM | < details > < summary > Expand...< / summary > Force the container to run with group ID > 10000 to avoid conflicts with the host’ s user table. < br > < hr > < br > Container ' autopermissions' of Deployment ' RELEASE-NAME-firefox' should set ' securityContext.runAsGroup' > 10000 < / details > | < details > < summary > Expand...< / summary > < a href = "https://kubesec.io/basics/containers-securitycontext-runasuser/" > https://kubesec.io/basics/containers-securitycontext-runasuser/< / a > < br > < a href = "https://avd.aquasec.com/appshield/ksv021" > https://avd.aquasec.com/appshield/ksv021< / a > < br > < / details > |
2022-03-02 12:51:49 +00:00
| Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM | < details > < summary > Expand...< / summary > Force the container to run with group ID > 10000 to avoid conflicts with the host’ s user table. < br > < hr > < br > Container ' hostpatch' of Deployment ' RELEASE-NAME-firefox' should set ' securityContext.runAsGroup' > 10000 < / details > | < details > < summary > Expand...< / summary > < a href = "https://kubesec.io/basics/containers-securitycontext-runasuser/" > https://kubesec.io/basics/containers-securitycontext-runasuser/< / a > < br > < a href = "https://avd.aquasec.com/appshield/ksv021" > https://avd.aquasec.com/appshield/ksv021< / a > < br > < / details > |
| Kubernetes Security Check | KSV023 | hostPath volumes mounted | MEDIUM | < details > < summary > Expand...< / summary > HostPath volumes must be forbidden. < br > < hr > < br > Deployment ' RELEASE-NAME-firefox' should not set ' spec.template.volumes.hostPath' < / details > | < details > < summary > Expand...< / summary > < a href = "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline" > https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline< / a > < br > < a href = "https://avd.aquasec.com/appshield/ksv023" > https://avd.aquasec.com/appshield/ksv023< / a > < br > < / details > |
2021-12-12 22:42:29 +00:00
| Kubernetes Security Check | KSV029 | A root primary or supplementary GID set | LOW | < details > < summary > Expand...< / summary > Containers should be forbidden from running with a root primary or supplementary GID. < br > < hr > < br > Deployment ' RELEASE-NAME-firefox' should set ' spec.securityContext.runAsGroup' , ' spec.securityContext.supplementalGroups[*]' and ' spec.securityContext.fsGroup' to integer greater than 0 < / details > | < details > < summary > Expand...< / summary > < a href = "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted" > https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted< / a > < br > < a href = "https://avd.aquasec.com/appshield/ksv029" > https://avd.aquasec.com/appshield/ksv029< / a > < br > < / details > |
## Containers
##### Detected Containers
2022-03-26 15:30:42 +00:00
tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583
tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583
2021-12-12 22:42:29 +00:00
tccr.io/truecharts/firefox:v78.15.0
##### Scan Results
2022-03-26 15:30:42 +00:00
#### Container: tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583 (alpine 3.15.2)
2021-12-13 11:05:05 +00:00
2021-12-12 22:42:29 +00:00
**alpine**
2021-12-13 11:05:05 +00:00
2022-03-30 20:23:21 +00:00
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
2022-05-10 21:17:41 +00:00
| busybox | CVE-2022-28391 | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2022-28391" > https://access.redhat.com/security/cve/CVE-2022-28391< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28391" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28391< / a > < br > < a href = "https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch" > https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch< / a > < br > < a href = "https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch" > https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch< / a > < br > < a href = "https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661" > https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2022-28391" > https://nvd.nist.gov/vuln/detail/CVE-2022-28391< / a > < br > < / details > |
2022-05-05 09:00:47 +00:00
| curl | CVE-2022-22576 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2022-22576" > https://access.redhat.com/security/cve/CVE-2022-22576< / a > < br > < a href = "https://curl.se/docs/CVE-2022-22576.html" > https://curl.se/docs/CVE-2022-22576.html< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5397-1" > https://ubuntu.com/security/notices/USN-5397-1< / a > < br > < / details > |
| curl | CVE-2022-27774 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2022-27774" > https://access.redhat.com/security/cve/CVE-2022-27774< / a > < br > < a href = "https://curl.se/docs/CVE-2022-27774.html" > https://curl.se/docs/CVE-2022-27774.html< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5397-1" > https://ubuntu.com/security/notices/USN-5397-1< / a > < br > < / details > |
| curl | CVE-2022-27776 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2022-27776" > https://access.redhat.com/security/cve/CVE-2022-27776< / a > < br > < a href = "https://curl.se/docs/CVE-2022-27776.html" > https://curl.se/docs/CVE-2022-27776.html< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5397-1" > https://ubuntu.com/security/notices/USN-5397-1< / a > < br > < / details > |
| curl | CVE-2022-27775 | LOW | 7.80.0-r0 | 7.80.0-r1 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2022-27775" > https://access.redhat.com/security/cve/CVE-2022-27775< / a > < br > < a href = "https://curl.se/docs/CVE-2022-27775.html" > https://curl.se/docs/CVE-2022-27775.html< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5397-1" > https://ubuntu.com/security/notices/USN-5397-1< / a > < br > < / details > |
| libcurl | CVE-2022-22576 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2022-22576" > https://access.redhat.com/security/cve/CVE-2022-22576< / a > < br > < a href = "https://curl.se/docs/CVE-2022-22576.html" > https://curl.se/docs/CVE-2022-22576.html< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5397-1" > https://ubuntu.com/security/notices/USN-5397-1< / a > < br > < / details > |
| libcurl | CVE-2022-27774 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2022-27774" > https://access.redhat.com/security/cve/CVE-2022-27774< / a > < br > < a href = "https://curl.se/docs/CVE-2022-27774.html" > https://curl.se/docs/CVE-2022-27774.html< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5397-1" > https://ubuntu.com/security/notices/USN-5397-1< / a > < br > < / details > |
| libcurl | CVE-2022-27776 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2022-27776" > https://access.redhat.com/security/cve/CVE-2022-27776< / a > < br > < a href = "https://curl.se/docs/CVE-2022-27776.html" > https://curl.se/docs/CVE-2022-27776.html< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5397-1" > https://ubuntu.com/security/notices/USN-5397-1< / a > < br > < / details > |
| libcurl | CVE-2022-27775 | LOW | 7.80.0-r0 | 7.80.0-r1 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2022-27775" > https://access.redhat.com/security/cve/CVE-2022-27775< / a > < br > < a href = "https://curl.se/docs/CVE-2022-27775.html" > https://curl.se/docs/CVE-2022-27775.html< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5397-1" > https://ubuntu.com/security/notices/USN-5397-1< / a > < br > < / details > |
2022-05-10 21:17:41 +00:00
| ssl_client | CVE-2022-28391 | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2022-28391" > https://access.redhat.com/security/cve/CVE-2022-28391< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28391" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28391< / a > < br > < a href = "https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch" > https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch< / a > < br > < a href = "https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch" > https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch< / a > < br > < a href = "https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661" > https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2022-28391" > https://nvd.nist.gov/vuln/detail/CVE-2022-28391< / a > < br > < / details > |
2022-05-26 19:29:31 +00:00
| zlib | CVE-2018-25032 | HIGH | 1.2.11-r3 | 1.2.12-r0 | < details > < summary > Expand...< / summary > < a href = "http://seclists.org/fulldisclosure/2022/May/33" > http://seclists.org/fulldisclosure/2022/May/33< / a > < br > < a href = "http://seclists.org/fulldisclosure/2022/May/35" > http://seclists.org/fulldisclosure/2022/May/35< / a > < br > < a href = "http://seclists.org/fulldisclosure/2022/May/38" > http://seclists.org/fulldisclosure/2022/May/38< / a > < br > < a href = "http://www.openwall.com/lists/oss-security/2022/03/25/2" > http://www.openwall.com/lists/oss-security/2022/03/25/2< / a > < br > < a href = "http://www.openwall.com/lists/oss-security/2022/03/26/1" > http://www.openwall.com/lists/oss-security/2022/03/26/1< / a > < br > < a href = "https://access.redhat.com/security/cve/CVE-2018-25032" > https://access.redhat.com/security/cve/CVE-2018-25032< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032< / a > < br > < a href = "https://errata.almalinux.org/8/ALSA-2022-2201.html" > https://errata.almalinux.org/8/ALSA-2022-2201.html< / a > < br > < a href = "https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531" > https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531< / a > < br > < a href = "https://github.com/madler/zlib/compare/v1.2.11...v1.2.12" > https://github.com/madler/zlib/compare/v1.2.11...v1.2.12< / a > < br > < a href = "https://github.com/madler/zlib/issues/605" > https://github.com/madler/zlib/issues/605< / a > < br > < a href = "https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4" > https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4< / a > < br > < a href = "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5" > https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5< / a > < br > < a href = "https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ" > https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ< / a > < br > < a href = "https://linux.oracle.com/cve/CVE-2018-25032.html" > https://linux.oracle.com/cve/CVE-2018-25032.html< / a > < br > < a href = "https://linux.oracle.com/errata/ELSA-2022-2213.html" > https://linux.oracle.com/errata/ELSA-2022-2213.html< / a > < br > < a href = "https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html" > https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html< / a > < br > < a href = "https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html" > https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2018-25032" > https://nvd.nist.gov/vuln/detail/CVE-2018-25032< / a > < br > < a href = "https://security.netapp.com/advisory/ntap-20220526-0009/" > https://security.netapp.com/advisory/ntap-20220526-0009/< / a > < br > < a href = "https://support.apple.com/kb/HT213255" > https://support.apple.com/kb/HT213255< / a > < br > < a href = "https://support.apple.com/kb/HT213256" > https://support.apple.com/kb/HT213256< / a > < br > < a href = "https://support.apple.com/kb/HT213257" > https://support.apple.com/kb/HT213257< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5355-1" > https://ubuntu.com/security/notices/USN-5355-1< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5355-2" > https://ubuntu.com/security/notices/USN-5355-2< / a > < br > < a
2022-03-26 15:30:42 +00:00
#### Container: tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583 (alpine 3.15.2)
2022-02-06 17:25:51 +00:00
**alpine**
2022-03-30 20:23:21 +00:00
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
2022-05-10 21:17:41 +00:00
| busybox | CVE-2022-28391 | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2022-28391" > https://access.redhat.com/security/cve/CVE-2022-28391< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28391" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28391< / a > < br > < a href = "https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch" > https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch< / a > < br > < a href = "https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch" > https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch< / a > < br > < a href = "https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661" > https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2022-28391" > https://nvd.nist.gov/vuln/detail/CVE-2022-28391< / a > < br > < / details > |
2022-05-05 09:00:47 +00:00
| curl | CVE-2022-22576 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2022-22576" > https://access.redhat.com/security/cve/CVE-2022-22576< / a > < br > < a href = "https://curl.se/docs/CVE-2022-22576.html" > https://curl.se/docs/CVE-2022-22576.html< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5397-1" > https://ubuntu.com/security/notices/USN-5397-1< / a > < br > < / details > |
| curl | CVE-2022-27774 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2022-27774" > https://access.redhat.com/security/cve/CVE-2022-27774< / a > < br > < a href = "https://curl.se/docs/CVE-2022-27774.html" > https://curl.se/docs/CVE-2022-27774.html< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5397-1" > https://ubuntu.com/security/notices/USN-5397-1< / a > < br > < / details > |
| curl | CVE-2022-27776 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2022-27776" > https://access.redhat.com/security/cve/CVE-2022-27776< / a > < br > < a href = "https://curl.se/docs/CVE-2022-27776.html" > https://curl.se/docs/CVE-2022-27776.html< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5397-1" > https://ubuntu.com/security/notices/USN-5397-1< / a > < br > < / details > |
| curl | CVE-2022-27775 | LOW | 7.80.0-r0 | 7.80.0-r1 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2022-27775" > https://access.redhat.com/security/cve/CVE-2022-27775< / a > < br > < a href = "https://curl.se/docs/CVE-2022-27775.html" > https://curl.se/docs/CVE-2022-27775.html< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5397-1" > https://ubuntu.com/security/notices/USN-5397-1< / a > < br > < / details > |
| libcurl | CVE-2022-22576 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2022-22576" > https://access.redhat.com/security/cve/CVE-2022-22576< / a > < br > < a href = "https://curl.se/docs/CVE-2022-22576.html" > https://curl.se/docs/CVE-2022-22576.html< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5397-1" > https://ubuntu.com/security/notices/USN-5397-1< / a > < br > < / details > |
| libcurl | CVE-2022-27774 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2022-27774" > https://access.redhat.com/security/cve/CVE-2022-27774< / a > < br > < a href = "https://curl.se/docs/CVE-2022-27774.html" > https://curl.se/docs/CVE-2022-27774.html< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5397-1" > https://ubuntu.com/security/notices/USN-5397-1< / a > < br > < / details > |
| libcurl | CVE-2022-27776 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2022-27776" > https://access.redhat.com/security/cve/CVE-2022-27776< / a > < br > < a href = "https://curl.se/docs/CVE-2022-27776.html" > https://curl.se/docs/CVE-2022-27776.html< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5397-1" > https://ubuntu.com/security/notices/USN-5397-1< / a > < br > < / details > |
| libcurl | CVE-2022-27775 | LOW | 7.80.0-r0 | 7.80.0-r1 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2022-27775" > https://access.redhat.com/security/cve/CVE-2022-27775< / a > < br > < a href = "https://curl.se/docs/CVE-2022-27775.html" > https://curl.se/docs/CVE-2022-27775.html< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5397-1" > https://ubuntu.com/security/notices/USN-5397-1< / a > < br > < / details > |
2022-05-10 21:17:41 +00:00
| ssl_client | CVE-2022-28391 | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2022-28391" > https://access.redhat.com/security/cve/CVE-2022-28391< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28391" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28391< / a > < br > < a href = "https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch" > https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch< / a > < br > < a href = "https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch" > https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch< / a > < br > < a href = "https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661" > https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2022-28391" > https://nvd.nist.gov/vuln/detail/CVE-2022-28391< / a > < br > < / details > |
2022-05-26 19:29:31 +00:00
| zlib | CVE-2018-25032 | HIGH | 1.2.11-r3 | 1.2.12-r0 | < details > < summary > Expand...< / summary > < a href = "http://seclists.org/fulldisclosure/2022/May/33" > http://seclists.org/fulldisclosure/2022/May/33< / a > < br > < a href = "http://seclists.org/fulldisclosure/2022/May/35" > http://seclists.org/fulldisclosure/2022/May/35< / a > < br > < a href = "http://seclists.org/fulldisclosure/2022/May/38" > http://seclists.org/fulldisclosure/2022/May/38< / a > < br > < a href = "http://www.openwall.com/lists/oss-security/2022/03/25/2" > http://www.openwall.com/lists/oss-security/2022/03/25/2< / a > < br > < a href = "http://www.openwall.com/lists/oss-security/2022/03/26/1" > http://www.openwall.com/lists/oss-security/2022/03/26/1< / a > < br > < a href = "https://access.redhat.com/security/cve/CVE-2018-25032" > https://access.redhat.com/security/cve/CVE-2018-25032< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032< / a > < br > < a href = "https://errata.almalinux.org/8/ALSA-2022-2201.html" > https://errata.almalinux.org/8/ALSA-2022-2201.html< / a > < br > < a href = "https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531" > https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531< / a > < br > < a href = "https://github.com/madler/zlib/compare/v1.2.11...v1.2.12" > https://github.com/madler/zlib/compare/v1.2.11...v1.2.12< / a > < br > < a href = "https://github.com/madler/zlib/issues/605" > https://github.com/madler/zlib/issues/605< / a > < br > < a href = "https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4" > https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4< / a > < br > < a href = "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5" > https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5< / a > < br > < a href = "https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ" > https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ< / a > < br > < a href = "https://linux.oracle.com/cve/CVE-2018-25032.html" > https://linux.oracle.com/cve/CVE-2018-25032.html< / a > < br > < a href = "https://linux.oracle.com/errata/ELSA-2022-2213.html" > https://linux.oracle.com/errata/ELSA-2022-2213.html< / a > < br > < a href = "https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html" > https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html< / a > < br > < a href = "https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html" > https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2018-25032" > https://nvd.nist.gov/vuln/detail/CVE-2018-25032< / a > < br > < a href = "https://security.netapp.com/advisory/ntap-20220526-0009/" > https://security.netapp.com/advisory/ntap-20220526-0009/< / a > < br > < a href = "https://support.apple.com/kb/HT213255" > https://support.apple.com/kb/HT213255< / a > < br > < a href = "https://support.apple.com/kb/HT213256" > https://support.apple.com/kb/HT213256< / a > < br > < a href = "https://support.apple.com/kb/HT213257" > https://support.apple.com/kb/HT213257< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5355-1" > https://ubuntu.com/security/notices/USN-5355-1< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5355-2" > https://ubuntu.com/security/notices/USN-5355-2< / a > < br > < a
2021-12-12 22:42:29 +00:00
#### Container: Node.js
2021-12-13 11:05:05 +00:00
2021-12-12 22:42:29 +00:00
**node-pkg**
2021-12-13 11:05:05 +00:00
2021-12-12 22:42:29 +00:00
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
2022-05-05 09:00:47 +00:00
| async | CVE-2021-43138 | HIGH | 0.9.2 | 2.6.4, 3.2.2 | < details > < summary > Expand...< / summary > < a href = "https://github.com/advisories/GHSA-fwr7-v2mv-hh25" > https://github.com/advisories/GHSA-fwr7-v2mv-hh25< / a > < br > < a href = "https://github.com/caolan/async/blob/master/lib/internal/iterator.js" > https://github.com/caolan/async/blob/master/lib/internal/iterator.js< / a > < br > < a href = "https://github.com/caolan/async/blob/master/lib/mapValuesLimit.js" > https://github.com/caolan/async/blob/master/lib/mapValuesLimit.js< / a > < br > < a href = "https://github.com/caolan/async/blob/v2.6.4/CHANGELOG.md#v264" > https://github.com/caolan/async/blob/v2.6.4/CHANGELOG.md#v264< / a > < br > < a href = "https://github.com/caolan/async/commit/8f7f90342a6571ba1c197d747ebed30c368096d2" > https://github.com/caolan/async/commit/8f7f90342a6571ba1c197d747ebed30c368096d2< / a > < br > < a href = "https://github.com/caolan/async/commit/e1ecdbf79264f9ab488c7799f4c76996d5dca66d" > https://github.com/caolan/async/commit/e1ecdbf79264f9ab488c7799f4c76996d5dca66d< / a > < br > < a href = "https://github.com/caolan/async/compare/v2.6.3...v2.6.4" > https://github.com/caolan/async/compare/v2.6.3...v2.6.4< / a > < br > < a href = "https://github.com/caolan/async/pull/1828" > https://github.com/caolan/async/pull/1828< / a > < br > < a href = "https://jsfiddle.net/oz5twjd9/" > https://jsfiddle.net/oz5twjd9/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-43138" > https://nvd.nist.gov/vuln/detail/CVE-2021-43138< / a > < br > < / details > |
2022-05-17 08:50:16 +00:00
| deep-extend | CVE-2018-3750 | CRITICAL | 0.4.2 | 0.5.1 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2018-3750" > https://access.redhat.com/security/cve/CVE-2018-3750< / a > < br > < a href = "https://errata.almalinux.org/8/ALSA-2021-0549.html" > https://errata.almalinux.org/8/ALSA-2021-0549.html< / a > < br > < a href = "https://github.com/advisories/GHSA-hr2v-3952-633q" > https://github.com/advisories/GHSA-hr2v-3952-633q< / a > < br > < a href = "https://hackerone.com/reports/311333" > https://hackerone.com/reports/311333< / a > < br > < a href = "https://nodesecurity.io/advisories/612" > https://nodesecurity.io/advisories/612< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2018-3750" > https://nvd.nist.gov/vuln/detail/CVE-2018-3750< / a > < br > < a href = "https://www.npmjs.com/advisories/612" > https://www.npmjs.com/advisories/612< / a > < br > < / details > |
2021-12-12 22:42:29 +00:00
| deep-extend | NSWG-ECO-408 | LOW | 0.4.2 | > =0.5.1 | < details > < summary > Expand...< / summary > < a href = "https://hackerone.com/reports/311333" > https://hackerone.com/reports/311333< / a > < br > < / details > |
2022-05-05 09:00:47 +00:00
| ejs | CVE-2022-29078 | HIGH | 3.1.6 | 3.1.7 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2022-29078" > https://access.redhat.com/security/cve/CVE-2022-29078< / a > < br > < a href = "https://eslam.io/posts/ejs-server-side-template-injection-rce/" > https://eslam.io/posts/ejs-server-side-template-injection-rce/< / a > < br > < a href = "https://github.com/advisories/GHSA-phwq-j96m-2c2q" > https://github.com/advisories/GHSA-phwq-j96m-2c2q< / a > < br > < a href = "https://github.com/mde/ejs/commit/15ee698583c98dadc456639d6245580d17a24baf" > https://github.com/mde/ejs/commit/15ee698583c98dadc456639d6245580d17a24baf< / a > < br > < a href = "https://github.com/mde/ejs/releases" > https://github.com/mde/ejs/releases< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2022-29078" > https://nvd.nist.gov/vuln/detail/CVE-2022-29078< / a > < br > < / details > |
2022-01-18 16:08:04 +00:00
| engine.io | CVE-2022-21676 | HIGH | 4.1.1 | 6.1.1, 5.2.1, 4.1.2 | < details > < summary > Expand...< / summary > < a href = "https://github.com/advisories/GHSA-273r-mgr4-v34f" > https://github.com/advisories/GHSA-273r-mgr4-v34f< / a > < br > < a href = "https://github.com/socketio/engine.io/commit/66f889fc1d966bf5bfa0de1939069153643874ab" > https://github.com/socketio/engine.io/commit/66f889fc1d966bf5bfa0de1939069153643874ab< / a > < br > < a href = "https://github.com/socketio/engine.io/commit/a70800d7e96da32f6e6622804ef659ebc58659db" > https://github.com/socketio/engine.io/commit/a70800d7e96da32f6e6622804ef659ebc58659db< / a > < br > < a href = "https://github.com/socketio/engine.io/commit/c0e194d44933bd83bf9a4b126fca68ba7bf5098c" > https://github.com/socketio/engine.io/commit/c0e194d44933bd83bf9a4b126fca68ba7bf5098c< / a > < br > < a href = "https://github.com/socketio/engine.io/releases/tag/4.1.2" > https://github.com/socketio/engine.io/releases/tag/4.1.2< / a > < br > < a href = "https://github.com/socketio/engine.io/releases/tag/5.2.1" > https://github.com/socketio/engine.io/releases/tag/5.2.1< / a > < br > < a href = "https://github.com/socketio/engine.io/releases/tag/6.1.1" > https://github.com/socketio/engine.io/releases/tag/6.1.1< / a > < br > < a href = "https://github.com/socketio/engine.io/security/advisories/GHSA-273r-mgr4-v34f" > https://github.com/socketio/engine.io/security/advisories/GHSA-273r-mgr4-v34f< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2022-21676" > https://nvd.nist.gov/vuln/detail/CVE-2022-21676< / a > < br > < / details > |
| engine.io | CVE-2022-21676 | HIGH | 6.1.0 | 6.1.1, 5.2.1, 4.1.2 | < details > < summary > Expand...< / summary > < a href = "https://github.com/advisories/GHSA-273r-mgr4-v34f" > https://github.com/advisories/GHSA-273r-mgr4-v34f< / a > < br > < a href = "https://github.com/socketio/engine.io/commit/66f889fc1d966bf5bfa0de1939069153643874ab" > https://github.com/socketio/engine.io/commit/66f889fc1d966bf5bfa0de1939069153643874ab< / a > < br > < a href = "https://github.com/socketio/engine.io/commit/a70800d7e96da32f6e6622804ef659ebc58659db" > https://github.com/socketio/engine.io/commit/a70800d7e96da32f6e6622804ef659ebc58659db< / a > < br > < a href = "https://github.com/socketio/engine.io/commit/c0e194d44933bd83bf9a4b126fca68ba7bf5098c" > https://github.com/socketio/engine.io/commit/c0e194d44933bd83bf9a4b126fca68ba7bf5098c< / a > < br > < a href = "https://github.com/socketio/engine.io/releases/tag/4.1.2" > https://github.com/socketio/engine.io/releases/tag/4.1.2< / a > < br > < a href = "https://github.com/socketio/engine.io/releases/tag/5.2.1" > https://github.com/socketio/engine.io/releases/tag/5.2.1< / a > < br > < a href = "https://github.com/socketio/engine.io/releases/tag/6.1.1" > https://github.com/socketio/engine.io/releases/tag/6.1.1< / a > < br > < a href = "https://github.com/socketio/engine.io/security/advisories/GHSA-273r-mgr4-v34f" > https://github.com/socketio/engine.io/security/advisories/GHSA-273r-mgr4-v34f< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2022-21676" > https://nvd.nist.gov/vuln/detail/CVE-2022-21676< / a > < br > < / details > |
2022-01-13 17:23:23 +00:00
| markdown-it | CVE-2022-21670 | MEDIUM | 12.2.0 | 12.3.2 | < details > < summary > Expand...< / summary > < a href = "https://github.com/advisories/GHSA-6vfc-qv3f-vr6c" > https://github.com/advisories/GHSA-6vfc-qv3f-vr6c< / a > < br > < a href = "https://github.com/markdown-it/markdown-it/commit/ffc49ab46b5b751cd2be0aabb146f2ef84986101" > https://github.com/markdown-it/markdown-it/commit/ffc49ab46b5b751cd2be0aabb146f2ef84986101< / a > < br > < a href = "https://github.com/markdown-it/markdown-it/security/advisories/GHSA-6vfc-qv3f-vr6c" > https://github.com/markdown-it/markdown-it/security/advisories/GHSA-6vfc-qv3f-vr6c< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2022-21670" > https://nvd.nist.gov/vuln/detail/CVE-2022-21670< / a > < br > < / details > |
2022-05-18 20:10:07 +00:00
| minimist | CVE-2021-44906 | CRITICAL | 1.2.5 | 1.2.6 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2021-44906" > https://access.redhat.com/security/cve/CVE-2021-44906< / a > < br > < a href = "https://github.com/Marynk/JavaScript-vulnerability-detection/blob/main/minimist%20PoC.zip" > https://github.com/Marynk/JavaScript-vulnerability-detection/blob/main/minimist%20PoC.zip< / a > < br > < a href = "https://github.com/advisories/GHSA-xvch-5gv4-984h" > https://github.com/advisories/GHSA-xvch-5gv4-984h< / a > < br > < a href = "https://github.com/substack/minimist/blob/master/index.js#L69" > https://github.com/substack/minimist/blob/master/index.js#L69< / a > < br > < a href = "https://github.com/substack/minimist/issues/164" > https://github.com/substack/minimist/issues/164< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-44906" > https://nvd.nist.gov/vuln/detail/CVE-2021-44906< / a > < br > < a href = "https://security.snyk.io/vuln/SNYK-JS-MINIMIST-559764" > https://security.snyk.io/vuln/SNYK-JS-MINIMIST-559764< / a > < br > < a href = "https://snyk.io/vuln/SNYK-JS-MINIMIST-559764" > https://snyk.io/vuln/SNYK-JS-MINIMIST-559764< / a > < br > < a href = "https://stackoverflow.com/questions/8588563/adding-custom-properties-to-a-function/20278068#20278068" > https://stackoverflow.com/questions/8588563/adding-custom-properties-to-a-function/20278068#20278068< / a > < br > < / details > |
2022-05-17 08:50:16 +00:00
| moment | CVE-2022-24785 | HIGH | 2.29.1 | 2.29.2 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2022-24785" > https://access.redhat.com/security/cve/CVE-2022-24785< / a > < br > < a href = "https://github.com/advisories/GHSA-8hfj-j24r-96c4" > https://github.com/advisories/GHSA-8hfj-j24r-96c4< / a > < br > < a href = "https://github.com/moment/moment/commit/4211bfc8f15746be4019bba557e29a7ba83d54c5" > https://github.com/moment/moment/commit/4211bfc8f15746be4019bba557e29a7ba83d54c5< / a > < br > < a href = "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4" > https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2022-24785" > https://nvd.nist.gov/vuln/detail/CVE-2022-24785< / a > < br > < a href = "https://security.netapp.com/advisory/ntap-20220513-0006/" > https://security.netapp.com/advisory/ntap-20220513-0006/< / a > < br > < a href = "https://www.tenable.com/security/tns-2022-09" > https://www.tenable.com/security/tns-2022-09< / a > < br > < / details > |
2022-03-30 20:23:21 +00:00
| node-fetch | CVE-2022-0235 | HIGH | 2.6.6 | 2.6.7, 3.1.1 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2022-0235" > https://access.redhat.com/security/cve/CVE-2022-0235< / a > < br > < a href = "https://github.com/advisories/GHSA-r683-j2x4-v87g" > https://github.com/advisories/GHSA-r683-j2x4-v87g< / a > < br > < a href = "https://github.com/node-fetch/node-fetch/commit/36e47e8a6406185921e4985dcbeff140d73eaa10" > https://github.com/node-fetch/node-fetch/commit/36e47e8a6406185921e4985dcbeff140d73eaa10< / a > < br > < a href = "https://github.com/node-fetch/node-fetch/commit/5c32f002fdd65b1c6a8f1e3620210813d45c7e60" > https://github.com/node-fetch/node-fetch/commit/5c32f002fdd65b1c6a8f1e3620210813d45c7e60< / a > < br > < a href = "https://github.com/node-fetch/node-fetch/pull/1453" > https://github.com/node-fetch/node-fetch/pull/1453< / a > < br > < a href = "https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7" > https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7< / a > < br > < a href = "https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/" > https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2022-0235" > https://nvd.nist.gov/vuln/detail/CVE-2022-0235< / a > < br > < / details > |
| simple-get | CVE-2022-0355 | HIGH | 3.1.0 | 2.8.2, 3.1.1, 4.0.1 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2022-0355" > https://access.redhat.com/security/cve/CVE-2022-0355< / a > < br > < a href = "https://github.com/advisories/GHSA-wpg7-2c88-r8xv" > https://github.com/advisories/GHSA-wpg7-2c88-r8xv< / a > < br > < a href = "https://github.com/feross/simple-get/commit/e4af095e06cd69a9235013e8507e220a79b9684f" > https://github.com/feross/simple-get/commit/e4af095e06cd69a9235013e8507e220a79b9684f< / a > < br > < a href = "https://github.com/feross/simple-get/pull/75#issuecomment-1027755026" > https://github.com/feross/simple-get/pull/75#issuecomment-1027755026< / a > < br > < a href = "https://github.com/feross/simple-get/pull/76#issuecomment-1027754710" > https://github.com/feross/simple-get/pull/76#issuecomment-1027754710< / a > < br > < a href = "https://huntr.dev/bounties/42c79c23-6646-46c4-871d-219c0d4b4e31" > https://huntr.dev/bounties/42c79c23-6646-46c4-871d-219c0d4b4e31< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2022-0355" > https://nvd.nist.gov/vuln/detail/CVE-2022-0355< / a > < br > < / details > |
2021-12-18 20:15:26 +00:00
**gobinary**
2021-12-21 18:46:27 +00:00
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
2022-05-24 07:26:11 +00:00
| github.com/containerd/imgcrypt | CVE-2022-24778 | HIGH | v1.1.1 | v1.1.4 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2022-24778" > https://access.redhat.com/security/cve/CVE-2022-24778< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24778" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24778< / a > < br > < a href = "https://github.com/advisories/GHSA-8v99-48m9-c8pm" > https://github.com/advisories/GHSA-8v99-48m9-c8pm< / a > < br > < a href = "https://github.com/containerd/imgcrypt/commit/6fdd9818a4d8142107b7ecd767d839c9707700d9" > https://github.com/containerd/imgcrypt/commit/6fdd9818a4d8142107b7ecd767d839c9707700d9< / a > < br > < a href = "https://github.com/containerd/imgcrypt/issues/69" > https://github.com/containerd/imgcrypt/issues/69< / a > < br > < a href = "https://github.com/containerd/imgcrypt/releases/tag/v1.1.4" > https://github.com/containerd/imgcrypt/releases/tag/v1.1.4< / a > < br > < a href = "https://github.com/containerd/imgcrypt/security/advisories/GHSA-8v99-48m9-c8pm" > https://github.com/containerd/imgcrypt/security/advisories/GHSA-8v99-48m9-c8pm< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4SJUNSC7YZLA745EMKWK2GKEV57GE52K/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4SJUNSC7YZLA745EMKWK2GKEV57GE52K/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TAHAAOOA3KZJC2I5WHCR3XVBJBNWTWUE/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TAHAAOOA3KZJC2I5WHCR3XVBJBNWTWUE/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFTJR5CR5EOYDVOSBZEMLBHLJRTPJPUA/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFTJR5CR5EOYDVOSBZEMLBHLJRTPJPUA/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2022-24778" > https://nvd.nist.gov/vuln/detail/CVE-2022-24778< / a > < br > < / details > |
2022-01-13 00:08:34 +00:00
| github.com/opencontainers/image-spec | GMS-2021-101 | UNKNOWN | v1.0.1 | 1.0.2 | < details > < summary > Expand...< / summary > < a href = "https://github.com/advisories/GHSA-77vh-xpmg-72qh" > https://github.com/advisories/GHSA-77vh-xpmg-72qh< / a > < br > < a href = "https://github.com/opencontainers/distribution-spec/security/advisories/GHSA-mc8v-mgrf-8f4m" > https://github.com/opencontainers/distribution-spec/security/advisories/GHSA-mc8v-mgrf-8f4m< / a > < br > < a href = "https://github.com/opencontainers/image-spec/commit/693428a734f5bab1a84bd2f990d92ef1111cd60c" > https://github.com/opencontainers/image-spec/commit/693428a734f5bab1a84bd2f990d92ef1111cd60c< / a > < br > < a href = "https://github.com/opencontainers/image-spec/releases/tag/v1.0.2" > https://github.com/opencontainers/image-spec/releases/tag/v1.0.2< / a > < br > < a href = "https://github.com/opencontainers/image-spec/security/advisories/GHSA-77vh-xpmg-72qh" > https://github.com/opencontainers/image-spec/security/advisories/GHSA-77vh-xpmg-72qh< / a > < br > < / details > |
2022-03-30 20:23:21 +00:00
| github.com/opencontainers/runc | CVE-2021-43784 | MEDIUM | v1.0.2 | v1.0.3 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2021-43784" > https://access.redhat.com/security/cve/CVE-2021-43784< / a > < br > < a href = "https://bugs.chromium.org/p/project-zero/issues/detail?id=2241" > https://bugs.chromium.org/p/project-zero/issues/detail?id=2241< / a > < br > < a href = "https://github.com/opencontainers/runc/commit/9c444070ec7bb83995dbc0185da68284da71c554" > https://github.com/opencontainers/runc/commit/9c444070ec7bb83995dbc0185da68284da71c554< / a > < br > < a href = "https://github.com/opencontainers/runc/commit/d72d057ba794164c3cce9451a00b72a78b25e1ae" > https://github.com/opencontainers/runc/commit/d72d057ba794164c3cce9451a00b72a78b25e1ae< / a > < br > < a href = "https://github.com/opencontainers/runc/commit/f50369af4b571e358f20b139eea52d612eb55eed" > https://github.com/opencontainers/runc/commit/f50369af4b571e358f20b139eea52d612eb55eed< / a > < br > < a href = "https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f" > https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f< / a > < br > < a href = "https://lists.debian.org/debian-lts-announce/2021/12/msg00005.html" > https://lists.debian.org/debian-lts-announce/2021/12/msg00005.html< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-43784" > https://nvd.nist.gov/vuln/detail/CVE-2021-43784< / a > < br > < / details > |
2022-05-24 07:26:11 +00:00
| github.com/opencontainers/runc | CVE-2022-24769 | MEDIUM | v1.0.2 | v1.1.2 | < details > < summary > Expand...< / summary > < a href = "http://www.openwall.com/lists/oss-security/2022/05/12/1" > http://www.openwall.com/lists/oss-security/2022/05/12/1< / a > < br > < a href = "https://access.redhat.com/security/cve/CVE-2022-24769" > https://access.redhat.com/security/cve/CVE-2022-24769< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24769" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24769< / a > < br > < a href = "https://github.com/containerd/containerd/security/advisories/GHSA-c9cp-9c75-9v8c" > https://github.com/containerd/containerd/security/advisories/GHSA-c9cp-9c75-9v8c< / a > < br > < a href = "https://github.com/moby/moby/commit/2bbc786e4c59761d722d2d1518cd0a32829bc07f" > https://github.com/moby/moby/commit/2bbc786e4c59761d722d2d1518cd0a32829bc07f< / a > < br > < a href = "https://github.com/moby/moby/releases/tag/v20.10.14" > https://github.com/moby/moby/releases/tag/v20.10.14< / a > < br > < a href = "https://github.com/moby/moby/security/advisories/GHSA-2mm7-x5h6-5pvq" > https://github.com/moby/moby/security/advisories/GHSA-2mm7-x5h6-5pvq< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PMQKCAPK2AR3DCYITJYMMNBEGQBGLCC/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PMQKCAPK2AR3DCYITJYMMNBEGQBGLCC/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5AFKOQ5CE3CEIULWW4FLQKHFFU6FSYG/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5AFKOQ5CE3CEIULWW4FLQKHFFU6FSYG/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5FQJ3MLFSEKQYCFPFZIKYGBXPZUJFVY/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5FQJ3MLFSEKQYCFPFZIKYGBXPZUJFVY/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FPOJUJZXGMIVKRS4QR75F6OIXNQ6LDBL/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FPOJUJZXGMIVKRS4QR75F6OIXNQ6LDBL/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIMAHZ6AUIKN7AX26KHZYBXVECIOVWBH/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIMAHZ6AUIKN7AX26KHZYBXVECIOVWBH/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQCVS7WBFSTKJFNX5PGDRARMTOFWV2O7/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQCVS7WBFSTKJFNX5PGDRARMTOFWV2O7/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2022-24769" > https://nvd.nist.gov/vuln/detail/CVE-2022-24769< / a > < br > < / details > |
2022-05-17 08:50:16 +00:00
| golang.org/x/crypto | CVE-2022-27191 | HIGH | v0.0.0-20210322153248-0c34fe9e7dc2 | 0.0.0-20220315160706-3147a52a75dd | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2022-27191" > https://access.redhat.com/security/cve/CVE-2022-27191< / a > < br > < a href = "https://github.com/advisories/GHSA-8c26-wmh5-6g9v" > https://github.com/advisories/GHSA-8c26-wmh5-6g9v< / a > < br > < a href = "https://groups.google.com/g/golang-announce" > https://groups.google.com/g/golang-announce< / a > < br > < a href = "https://groups.google.com/g/golang-announce/c/-cp44ypCT5s" > https://groups.google.com/g/golang-announce/c/-cp44ypCT5s< / a > < br > < a href = "https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ" > https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZ3S7LB65N54HXXBCB67P4TTOHTNPP5O/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZ3S7LB65N54HXXBCB67P4TTOHTNPP5O/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HHGBEGJ54DZZGTXFUQNS7ZIG3E624YAF/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HHGBEGJ54DZZGTXFUQNS7ZIG3E624YAF/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QTFOIDHQRGNI4P6LYN6ILH5G443RYYKB/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QTFOIDHQRGNI4P6LYN6ILH5G443RYYKB/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YHYRQB7TRMHDB3NEHW5XBRG7PPMUTPGV/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YHYRQB7TRMHDB3NEHW5XBRG7PPMUTPGV/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFUNHFHQVJSADNH7EZ3B53CYDZVEEPBP/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFUNHFHQVJSADNH7EZ3B53CYDZVEEPBP/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQNPPQWSTP2IX7SHE6TS4SP4EVMI5EZK/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQNPPQWSTP2IX7SHE6TS4SP4EVMI5EZK/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2022-27191" > https://nvd.nist.gov/vuln/detail/CVE-2022-27191< / a > < br > < a href = "https://security.netapp.com/advisory/ntap-20220429-0002/" > https://security.netapp.com/advisory/ntap-20220429-0002/< / a > < br > < / details > |
2022-03-30 20:23:21 +00:00
| golang.org/x/text | CVE-2021-38561 | UNKNOWN | v0.3.4 | 0.3.7 | < details > < summary > Expand...< / summary > < a href = "https://go-review.googlesource.com/c/text/+/340830" > https://go-review.googlesource.com/c/text/+/340830< / a > < br > < a href = "https://go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56f" > https://go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56f< / a > < br > < a href = "https://pkg.go.dev/vuln/GO-2021-0113" > https://pkg.go.dev/vuln/GO-2021-0113< / a > < br > < / details > |
2021-12-18 20:15:26 +00:00
**gobinary**
| No Vulnerabilities found |
|:---------------------------------|
**gobinary**
| No Vulnerabilities found |
|:---------------------------------|
**gobinary**
| No Vulnerabilities found |
|:---------------------------------|
**gobinary**
2021-12-21 18:46:27 +00:00
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
2022-01-13 00:08:34 +00:00
| github.com/opencontainers/image-spec | GMS-2021-101 | UNKNOWN | v1.0.1 | 1.0.2 | < details > < summary > Expand...< / summary > < a href = "https://github.com/advisories/GHSA-77vh-xpmg-72qh" > https://github.com/advisories/GHSA-77vh-xpmg-72qh< / a > < br > < a href = "https://github.com/opencontainers/distribution-spec/security/advisories/GHSA-mc8v-mgrf-8f4m" > https://github.com/opencontainers/distribution-spec/security/advisories/GHSA-mc8v-mgrf-8f4m< / a > < br > < a href = "https://github.com/opencontainers/image-spec/commit/693428a734f5bab1a84bd2f990d92ef1111cd60c" > https://github.com/opencontainers/image-spec/commit/693428a734f5bab1a84bd2f990d92ef1111cd60c< / a > < br > < a href = "https://github.com/opencontainers/image-spec/releases/tag/v1.0.2" > https://github.com/opencontainers/image-spec/releases/tag/v1.0.2< / a > < br > < a href = "https://github.com/opencontainers/image-spec/security/advisories/GHSA-77vh-xpmg-72qh" > https://github.com/opencontainers/image-spec/security/advisories/GHSA-77vh-xpmg-72qh< / a > < br > < / details > |
2022-03-30 20:23:21 +00:00
| github.com/opencontainers/runc | CVE-2021-43784 | MEDIUM | v1.0.2 | v1.0.3 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2021-43784" > https://access.redhat.com/security/cve/CVE-2021-43784< / a > < br > < a href = "https://bugs.chromium.org/p/project-zero/issues/detail?id=2241" > https://bugs.chromium.org/p/project-zero/issues/detail?id=2241< / a > < br > < a href = "https://github.com/opencontainers/runc/commit/9c444070ec7bb83995dbc0185da68284da71c554" > https://github.com/opencontainers/runc/commit/9c444070ec7bb83995dbc0185da68284da71c554< / a > < br > < a href = "https://github.com/opencontainers/runc/commit/d72d057ba794164c3cce9451a00b72a78b25e1ae" > https://github.com/opencontainers/runc/commit/d72d057ba794164c3cce9451a00b72a78b25e1ae< / a > < br > < a href = "https://github.com/opencontainers/runc/commit/f50369af4b571e358f20b139eea52d612eb55eed" > https://github.com/opencontainers/runc/commit/f50369af4b571e358f20b139eea52d612eb55eed< / a > < br > < a href = "https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f" > https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f< / a > < br > < a href = "https://lists.debian.org/debian-lts-announce/2021/12/msg00005.html" > https://lists.debian.org/debian-lts-announce/2021/12/msg00005.html< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-43784" > https://nvd.nist.gov/vuln/detail/CVE-2021-43784< / a > < br > < / details > |
2022-05-24 07:26:11 +00:00
| github.com/opencontainers/runc | CVE-2022-24769 | MEDIUM | v1.0.2 | v1.1.2 | < details > < summary > Expand...< / summary > < a href = "http://www.openwall.com/lists/oss-security/2022/05/12/1" > http://www.openwall.com/lists/oss-security/2022/05/12/1< / a > < br > < a href = "https://access.redhat.com/security/cve/CVE-2022-24769" > https://access.redhat.com/security/cve/CVE-2022-24769< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24769" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24769< / a > < br > < a href = "https://github.com/containerd/containerd/security/advisories/GHSA-c9cp-9c75-9v8c" > https://github.com/containerd/containerd/security/advisories/GHSA-c9cp-9c75-9v8c< / a > < br > < a href = "https://github.com/moby/moby/commit/2bbc786e4c59761d722d2d1518cd0a32829bc07f" > https://github.com/moby/moby/commit/2bbc786e4c59761d722d2d1518cd0a32829bc07f< / a > < br > < a href = "https://github.com/moby/moby/releases/tag/v20.10.14" > https://github.com/moby/moby/releases/tag/v20.10.14< / a > < br > < a href = "https://github.com/moby/moby/security/advisories/GHSA-2mm7-x5h6-5pvq" > https://github.com/moby/moby/security/advisories/GHSA-2mm7-x5h6-5pvq< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PMQKCAPK2AR3DCYITJYMMNBEGQBGLCC/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PMQKCAPK2AR3DCYITJYMMNBEGQBGLCC/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5AFKOQ5CE3CEIULWW4FLQKHFFU6FSYG/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5AFKOQ5CE3CEIULWW4FLQKHFFU6FSYG/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5FQJ3MLFSEKQYCFPFZIKYGBXPZUJFVY/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5FQJ3MLFSEKQYCFPFZIKYGBXPZUJFVY/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FPOJUJZXGMIVKRS4QR75F6OIXNQ6LDBL/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FPOJUJZXGMIVKRS4QR75F6OIXNQ6LDBL/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIMAHZ6AUIKN7AX26KHZYBXVECIOVWBH/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIMAHZ6AUIKN7AX26KHZYBXVECIOVWBH/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQCVS7WBFSTKJFNX5PGDRARMTOFWV2O7/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQCVS7WBFSTKJFNX5PGDRARMTOFWV2O7/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2022-24769" > https://nvd.nist.gov/vuln/detail/CVE-2022-24769< / a > < br > < / details > |
2022-03-30 20:23:21 +00:00
| golang.org/x/text | CVE-2021-38561 | UNKNOWN | v0.3.4 | 0.3.7 | < details > < summary > Expand...< / summary > < a href = "https://go-review.googlesource.com/c/text/+/340830" > https://go-review.googlesource.com/c/text/+/340830< / a > < br > < a href = "https://go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56f" > https://go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56f< / a > < br > < a href = "https://pkg.go.dev/vuln/GO-2021-0113" > https://pkg.go.dev/vuln/GO-2021-0113< / a > < br > < / details > |
2021-12-18 20:15:26 +00:00
**gobinary**
| No Vulnerabilities found |
|:---------------------------------|