Cloned2Preserve
/
TrueChartsClone
mirror of https://github.com/truecharts/charts.git
1
0
Fork 0
Code
TrueChartsClone/charts/stable/website-shot/security.md

105 lines
65 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
hide:
- toc
---
# Security Overview
<link href="https://truecharts.org/_static/trivy.css" type="text/css" rel="stylesheet" />
## Helm-Chart
##### Scan Results
#### Chart Object: website-shot/templates/common.yaml
| Type | Misconfiguration ID | Check | Severity | Explaination | Links |
|:----------------|:------------------:|:-----------:|:------------------:|-----------------------------------------|-----------------------------------------|
| Kubernetes Security Check | KSV001 | Process can elevate its own privileges | MEDIUM | <details><summary>Expand...</summary> A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-website-shot&#39; should set &#39;securityContext.allowPrivilegeEscalation&#39; to false </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv001">https://avd.aquasec.com/appshield/ksv001</a><br></details> |
| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | <details><summary>Expand...</summary> The container should drop all default capabilities and add only those that are needed for its execution. <br> <hr> <br> Container &#39;RELEASE-NAME-website-shot&#39; of Deployment &#39;RELEASE-NAME-website-shot&#39; should add &#39;ALL&#39; to &#39;securityContext.capabilities.drop&#39; </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/">https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/</a><br><a href="https://avd.aquasec.com/appshield/ksv003">https://avd.aquasec.com/appshield/ksv003</a><br></details> |
| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | <details><summary>Expand...</summary> The container should drop all default capabilities and add only those that are needed for its execution. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-website-shot&#39; should add &#39;ALL&#39; to &#39;securityContext.capabilities.drop&#39; </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/">https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/</a><br><a href="https://avd.aquasec.com/appshield/ksv003">https://avd.aquasec.com/appshield/ksv003</a><br></details> |
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | <details><summary>Expand...</summary> &#39;runAsNonRoot&#39; forces the running image to run as a non-root user to ensure least privileges. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-website-shot&#39; should set &#39;securityContext.runAsNonRoot&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv012">https://avd.aquasec.com/appshield/ksv012</a><br></details> |
| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | <details><summary>Expand...</summary> An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-website-shot&#39; should set &#39;securityContext.readOnlyRootFilesystem&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/">https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/</a><br><a href="https://avd.aquasec.com/appshield/ksv014">https://avd.aquasec.com/appshield/ksv014</a><br></details> |
| Kubernetes Security Check | KSV017 | Privileged container | HIGH | <details><summary>Expand...</summary> Privileged containers share namespaces with the host system and do not offer any security. They should be used exclusively for system containers that require high privileges. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-website-shot&#39; should set &#39;securityContext.privileged&#39; to false </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline">https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline</a><br><a href="https://avd.aquasec.com/appshield/ksv017">https://avd.aquasec.com/appshield/ksv017</a><br></details> |
| Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with user ID &gt; 10000 to avoid conflicts with the hosts user table. <br> <hr> <br> Container &#39;RELEASE-NAME-website-shot&#39; of Deployment &#39;RELEASE-NAME-website-shot&#39; should set &#39;securityContext.runAsUser&#39; &gt; 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv020">https://avd.aquasec.com/appshield/ksv020</a><br></details> |
| Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with user ID &gt; 10000 to avoid conflicts with the hosts user table. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-website-shot&#39; should set &#39;securityContext.runAsUser&#39; &gt; 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv020">https://avd.aquasec.com/appshield/ksv020</a><br></details> |
| Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with group ID &gt; 10000 to avoid conflicts with the hosts user table. <br> <hr> <br> Container &#39;RELEASE-NAME-website-shot&#39; of Deployment &#39;RELEASE-NAME-website-shot&#39; should set &#39;securityContext.runAsGroup&#39; &gt; 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv021">https://avd.aquasec.com/appshield/ksv021</a><br></details> |
| Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with group ID &gt; 10000 to avoid conflicts with the hosts user table. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-website-shot&#39; should set &#39;securityContext.runAsGroup&#39; &gt; 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv021">https://avd.aquasec.com/appshield/ksv021</a><br></details> |
| Kubernetes Security Check | KSV029 | A root primary or supplementary GID set | LOW | <details><summary>Expand...</summary> Containers should be forbidden from running with a root primary or supplementary GID. <br> <hr> <br> Deployment &#39;RELEASE-NAME-website-shot&#39; should set &#39;spec.securityContext.runAsGroup&#39;, &#39;spec.securityContext.supplementalGroups[*]&#39; and &#39;spec.securityContext.fsGroup&#39; to integer greater than 0 </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv029">https://avd.aquasec.com/appshield/ksv029</a><br></details> |
## Containers
##### Detected Containers
tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583
tccr.io/truecharts/website-shot:latest@sha256:a68cf362beca8bce336627ee3b2f26555db4e25ea12e2d799442f6a3756973cc
##### Scan Results
#### Container: tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583 (alpine 3.15.2)
**alpine**
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
| busybox | CVE-2022-28391 | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-28391">https://access.redhat.com/security/cve/CVE-2022-28391</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28391">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28391</a><br><a href="https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch">https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch</a><br><a href="https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch">https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch</a><br><a href="https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661">https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-28391">https://nvd.nist.gov/vuln/detail/CVE-2022-28391</a><br></details> |
| curl | CVE-2022-22576 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-22576">https://access.redhat.com/security/cve/CVE-2022-22576</a><br><a href="https://curl.se/docs/CVE-2022-22576.html">https://curl.se/docs/CVE-2022-22576.html</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576</a><br><a href="https://hackerone.com/reports/1526328">https://hackerone.com/reports/1526328</a><br><a href="https://ubuntu.com/security/notices/USN-5397-1">https://ubuntu.com/security/notices/USN-5397-1</a><br></details> |
| curl | CVE-2022-27774 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-27774">https://access.redhat.com/security/cve/CVE-2022-27774</a><br><a href="https://curl.se/docs/CVE-2022-27774.html">https://curl.se/docs/CVE-2022-27774.html</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774</a><br><a href="https://hackerone.com/reports/1543773">https://hackerone.com/reports/1543773</a><br><a href="https://ubuntu.com/security/notices/USN-5397-1">https://ubuntu.com/security/notices/USN-5397-1</a><br></details> |
| curl | CVE-2022-27776 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-27776">https://access.redhat.com/security/cve/CVE-2022-27776</a><br><a href="https://curl.se/docs/CVE-2022-27776.html">https://curl.se/docs/CVE-2022-27776.html</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776</a><br><a href="https://hackerone.com/reports/1547048">https://hackerone.com/reports/1547048</a><br><a href="https://ubuntu.com/security/notices/USN-5397-1">https://ubuntu.com/security/notices/USN-5397-1</a><br></details> |
| curl | CVE-2022-27775 | LOW | 7.80.0-r0 | 7.80.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-27775">https://access.redhat.com/security/cve/CVE-2022-27775</a><br><a href="https://curl.se/docs/CVE-2022-27775.html">https://curl.se/docs/CVE-2022-27775.html</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775</a><br><a href="https://hackerone.com/reports/1546268">https://hackerone.com/reports/1546268</a><br><a href="https://ubuntu.com/security/notices/USN-5397-1">https://ubuntu.com/security/notices/USN-5397-1</a><br></details> |
| libcurl | CVE-2022-22576 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-22576">https://access.redhat.com/security/cve/CVE-2022-22576</a><br><a href="https://curl.se/docs/CVE-2022-22576.html">https://curl.se/docs/CVE-2022-22576.html</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576</a><br><a href="https://hackerone.com/reports/1526328">https://hackerone.com/reports/1526328</a><br><a href="https://ubuntu.com/security/notices/USN-5397-1">https://ubuntu.com/security/notices/USN-5397-1</a><br></details> |
| libcurl | CVE-2022-27774 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-27774">https://access.redhat.com/security/cve/CVE-2022-27774</a><br><a href="https://curl.se/docs/CVE-2022-27774.html">https://curl.se/docs/CVE-2022-27774.html</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774</a><br><a href="https://hackerone.com/reports/1543773">https://hackerone.com/reports/1543773</a><br><a href="https://ubuntu.com/security/notices/USN-5397-1">https://ubuntu.com/security/notices/USN-5397-1</a><br></details> |
| libcurl | CVE-2022-27776 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-27776">https://access.redhat.com/security/cve/CVE-2022-27776</a><br><a href="https://curl.se/docs/CVE-2022-27776.html">https://curl.se/docs/CVE-2022-27776.html</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776</a><br><a href="https://hackerone.com/reports/1547048">https://hackerone.com/reports/1547048</a><br><a href="https://ubuntu.com/security/notices/USN-5397-1">https://ubuntu.com/security/notices/USN-5397-1</a><br></details> |
| libcurl | CVE-2022-27775 | LOW | 7.80.0-r0 | 7.80.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-27775">https://access.redhat.com/security/cve/CVE-2022-27775</a><br><a href="https://curl.se/docs/CVE-2022-27775.html">https://curl.se/docs/CVE-2022-27775.html</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775</a><br><a href="https://hackerone.com/reports/1546268">https://hackerone.com/reports/1546268</a><br><a href="https://ubuntu.com/security/notices/USN-5397-1">https://ubuntu.com/security/notices/USN-5397-1</a><br></details> |
| ssl_client | CVE-2022-28391 | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-28391">https://access.redhat.com/security/cve/CVE-2022-28391</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28391">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28391</a><br><a href="https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch">https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch</a><br><a href="https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch">https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch</a><br><a href="https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661">https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-28391">https://nvd.nist.gov/vuln/detail/CVE-2022-28391</a><br></details> |
| zlib | CVE-2018-25032 | HIGH | 1.2.11-r3 | 1.2.12-r0 | <details><summary>Expand...</summary><a href="http://seclists.org/fulldisclosure/2022/May/33">http://seclists.org/fulldisclosure/2022/May/33</a><br><a href="http://seclists.org/fulldisclosure/2022/May/35">http://seclists.org/fulldisclosure/2022/May/35</a><br><a href="http://seclists.org/fulldisclosure/2022/May/38">http://seclists.org/fulldisclosure/2022/May/38</a><br><a href="http://www.openwall.com/lists/oss-security/2022/03/25/2">http://www.openwall.com/lists/oss-security/2022/03/25/2</a><br><a href="http://www.openwall.com/lists/oss-security/2022/03/26/1">http://www.openwall.com/lists/oss-security/2022/03/26/1</a><br><a href="https://access.redhat.com/security/cve/CVE-2018-25032">https://access.redhat.com/security/cve/CVE-2018-25032</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032</a><br><a href="https://errata.almalinux.org/8/ALSA-2022-2201.html">https://errata.almalinux.org/8/ALSA-2022-2201.html</a><br><a href="https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531">https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531</a><br><a href="https://github.com/madler/zlib/compare/v1.2.11...v1.2.12">https://github.com/madler/zlib/compare/v1.2.11...v1.2.12</a><br><a href="https://github.com/madler/zlib/issues/605">https://github.com/madler/zlib/issues/605</a><br><a href="https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4">https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4</a><br><a href="https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5">https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5</a><br><a href="https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ">https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ</a><br><a href="https://linux.oracle.com/cve/CVE-2018-25032.html">https://linux.oracle.com/cve/CVE-2018-25032.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2022-2213.html">https://linux.oracle.com/errata/ELSA-2022-2213.html</a><br><a href="https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html">https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html</a><br><a href="https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html">https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2018-25032">https://nvd.nist.gov/vuln/detail/CVE-2018-25032</a><br><a href="https://security.netapp.com/advisory/ntap-20220526-0009/">https://security.netapp.com/advisory/ntap-20220526-0009/</a><br><a href="https://support.apple.com/kb/HT213255">https://support.apple.com/kb/HT213255</a><br><a href="https://support.apple.com/kb/HT213256">https://support.apple.com/kb/HT213256</a><br><a href="https://support.apple.com/kb/HT213257">https://support.apple.com/kb/HT213257</a><br><a href="https://ubuntu.com/security/notices/USN-5355-1">https://ubuntu.com/security/notices/USN-5355-1</a><br><a href="https://ubuntu.com/security/notices/USN-5355-2">https://ubuntu.com/security/notices/USN-5355-2</a><br><a href="https://ubuntu.com/security/notices/USN-5359-1">https://ubuntu.com/security/notices/USN-5359-1</a><br><a href="https://www.debian.org/security/2022/dsa-5111">https://www.debian.org/security/2022/dsa-5111</a><br><a href="https://www.openwall.com/lists/oss-security/2022/03/24/1">https://www.openwall.com/lists/oss-security/2022/03/24/1</a><br><a href="https://www.openwall.com/lists/oss-security/2022/03/28/1">https://www.openwall.com/lists/oss-security/2022/03/28/1</a><br><a href="https://www.openwall.com/lists/oss-security/2022/03/28/3">https://www.openwall.com/lists/oss-security/2022/03/28/3</a><br></details> |
#### Container: tccr.io/truecharts/website-shot:latest@sha256:a68cf362beca8bce336627ee3b2f26555db4e25ea12e2d799442f6a3756973cc (alpine 3.15.0)
**alpine**
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
| cairo | CVE-2019-6462 | MEDIUM | 1.16.0-r3 | 1.16.0-r5 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2019-6462">https://access.redhat.com/security/cve/CVE-2019-6462</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6462">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6462</a><br><a href="https://github.com/TeamSeri0us/pocs/tree/master/gerbv">https://github.com/TeamSeri0us/pocs/tree/master/gerbv</a><br><a href="https://gitlab.freedesktop.org/cairo/cairo/issues/353">https://gitlab.freedesktop.org/cairo/cairo/issues/353</a><br><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E">https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-6462">https://nvd.nist.gov/vuln/detail/CVE-2019-6462</a><br><a href="https://ubuntu.com/security/notices/USN-5407-1">https://ubuntu.com/security/notices/USN-5407-1</a><br></details> |
| cairo-gobject | CVE-2019-6462 | MEDIUM | 1.16.0-r3 | 1.16.0-r5 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2019-6462">https://access.redhat.com/security/cve/CVE-2019-6462</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6462">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6462</a><br><a href="https://github.com/TeamSeri0us/pocs/tree/master/gerbv">https://github.com/TeamSeri0us/pocs/tree/master/gerbv</a><br><a href="https://gitlab.freedesktop.org/cairo/cairo/issues/353">https://gitlab.freedesktop.org/cairo/cairo/issues/353</a><br><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E">https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-6462">https://nvd.nist.gov/vuln/detail/CVE-2019-6462</a><br><a href="https://ubuntu.com/security/notices/USN-5407-1">https://ubuntu.com/security/notices/USN-5407-1</a><br></details> |
| cups-libs | CVE-2022-26691 | HIGH | 2.3.3-r5 | 2.3.3-r6 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-26691">https://access.redhat.com/security/cve/CVE-2022-26691</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26691">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26691</a><br><a href="https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0026/MNDT-2022-0026.md">https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0026/MNDT-2022-0026.md</a><br><a href="https://lists.debian.org/debian-lts-announce/2022/05/msg00039.html">https://lists.debian.org/debian-lts-announce/2022/05/msg00039.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQ6TD7F3VRITPEHFDHZHK7MU6FEBMZ5U/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQ6TD7F3VRITPEHFDHZHK7MU6FEBMZ5U/</a><br><a href="https://openprinting.github.io/cups-2.4.2">https://openprinting.github.io/cups-2.4.2</a><br><a href="https://support.apple.com/en-in/HT213183">https://support.apple.com/en-in/HT213183</a><br><a href="https://support.apple.com/en-us/HT213183">https://support.apple.com/en-us/HT213183</a><br><a href="https://support.apple.com/en-us/HT213184">https://support.apple.com/en-us/HT213184</a><br><a href="https://support.apple.com/en-us/HT213185">https://support.apple.com/en-us/HT213185</a><br><a href="https://ubuntu.com/security/notices/USN-5454-1">https://ubuntu.com/security/notices/USN-5454-1</a><br><a href="https://ubuntu.com/security/notices/USN-5454-2">https://ubuntu.com/security/notices/USN-5454-2</a><br><a href="https://www.debian.org/security/2022/dsa-5149">https://www.debian.org/security/2022/dsa-5149</a><br></details> |
| freetype | CVE-2022-27404 | CRITICAL | 2.11.1-r0 | 2.11.1-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-27404">https://access.redhat.com/security/cve/CVE-2022-27404</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27404">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27404</a><br><a href="https://gitlab.freedesktop.org/freetype/freetype/-/commit/53dfdcd8198d2b3201a23c4bad9190519ba918db">https://gitlab.freedesktop.org/freetype/freetype/-/commit/53dfdcd8198d2b3201a23c4bad9190519ba918db</a><br><a href="https://gitlab.freedesktop.org/freetype/freetype/-/issues/1138">https://gitlab.freedesktop.org/freetype/freetype/-/issues/1138</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EFPNRKDLCXHZVYYQLQMP44UHLU32GA6Z/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EFPNRKDLCXHZVYYQLQMP44UHLU32GA6Z/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FDU2FOEMCEF6WVR6ZBIH5MT5O7FAK6UP/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FDU2FOEMCEF6WVR6ZBIH5MT5O7FAK6UP/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IWQ7IB2A75MEHM63WEUXBYEC7OR5SGDY/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IWQ7IB2A75MEHM63WEUXBYEC7OR5SGDY/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYVC2NPKKXKP3TWJWG4ONYWNO6ZPHLA5/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYVC2NPKKXKP3TWJWG4ONYWNO6ZPHLA5/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TCEMWCM46PKM4U5ENRASPKQD6JDOLKRU/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TCEMWCM46PKM4U5ENRASPKQD6JDOLKRU/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-27404">https://nvd.nist.gov/vuln/detail/CVE-2022-27404</a><br></details> |
| freetype | CVE-2022-27405 | HIGH | 2.11.1-r0 | 2.11.1-r2 | <details><summary>Expand...</summary><a href="http://freetype.com">http://freetype.com</a><br><a href="https://access.redhat.com/security/cve/CVE-2022-27405">https://access.redhat.com/security/cve/CVE-2022-27405</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27405">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27405</a><br><a href="https://gitlab.freedesktop.org/freetype/freetype/-/commit/22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5">https://gitlab.freedesktop.org/freetype/freetype/-/commit/22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5</a><br><a href="https://gitlab.freedesktop.org/freetype/freetype/-/issues/1139">https://gitlab.freedesktop.org/freetype/freetype/-/issues/1139</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EFPNRKDLCXHZVYYQLQMP44UHLU32GA6Z/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EFPNRKDLCXHZVYYQLQMP44UHLU32GA6Z/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FDU2FOEMCEF6WVR6ZBIH5MT5O7FAK6UP/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FDU2FOEMCEF6WVR6ZBIH5MT5O7FAK6UP/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IWQ7IB2A75MEHM63WEUXBYEC7OR5SGDY/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IWQ7IB2A75MEHM63WEUXBYEC7OR5SGDY/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYVC2NPKKXKP3TWJWG4ONYWNO6ZPHLA5/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYVC2NPKKXKP3TWJWG4ONYWNO6ZPHLA5/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TCEMWCM46PKM4U5ENRASPKQD6JDOLKRU/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TCEMWCM46PKM4U5ENRASPKQD6JDOLKRU/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-27405">https://nvd.nist.gov/vuln/detail/CVE-2022-27405</a><br></details> |
| freetype | CVE-2022-27406 | HIGH | 2.11.1-r0 | 2.11.1-r2 | <details><summary>Expand...</summary><a href="http://freetype.com">http://freetype.com</a><br><a href="https://access.redhat.com/security/cve/CVE-2022-27406">https://access.redhat.com/security/cve/CVE-2022-27406</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27406">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27406</a><br><a href="https://gitlab.freedesktop.org/freetype/freetype/-/commit/0c2bdb01a2e1d24a3e592377a6d0822856e10df2">https://gitlab.freedesktop.org/freetype/freetype/-/commit/0c2bdb01a2e1d24a3e592377a6d0822856e10df2</a><br><a href="https://gitlab.freedesktop.org/freetype/freetype/-/issues/1140">https://gitlab.freedesktop.org/freetype/freetype/-/issues/1140</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EFPNRKDLCXHZVYYQLQMP44UHLU32GA6Z/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EFPNRKDLCXHZVYYQLQMP44UHLU32GA6Z/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FDU2FOEMCEF6WVR6ZBIH5MT5O7FAK6UP/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FDU2FOEMCEF6WVR6ZBIH5MT5O7FAK6UP/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IWQ7IB2A75MEHM63WEUXBYEC7OR5SGDY/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IWQ7IB2A75MEHM63WEUXBYEC7OR5SGDY/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYVC2NPKKXKP3TWJWG4ONYWNO6ZPHLA5/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYVC2NPKKXKP3TWJWG4ONYWNO6ZPHLA5/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TCEMWCM46PKM4U5ENRASPKQD6JDOLKRU/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TCEMWCM46PKM4U5ENRASPKQD6JDOLKRU/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-27406">https://nvd.nist.gov/vuln/detail/CVE-2022-27406</a><br><a href="https://ubuntu.com/security/notices/USN-5453-1">https://ubuntu.com/security/notices/USN-5453-1</a><br></details> |
| gdk-pixbuf | CVE-2021-44648 | HIGH | 2.42.6-r0 | 2.42.8-r0 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2021-44648">https://access.redhat.com/security/cve/CVE-2021-44648</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44648">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44648</a><br><a href="https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/136">https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/136</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEVTOGIJITK2N5AOOLKKMDIICZDQE6CH/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEVTOGIJITK2N5AOOLKKMDIICZDQE6CH/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PEKBMOO52RXONWKB6ZKKHTVPLF6WC3KF/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PEKBMOO52RXONWKB6ZKKHTVPLF6WC3KF/</a><br><a href="https://sahildhar.github.io/blogpost/GdkPixbuf-Heap-Buffer-Overflow-in-lzw_decoder_new/">https://sahildhar.github.io/blogpost/GdkPixbuf-Heap-Buffer-Overflow-in-lzw_decoder_new/</a><br></details> |
| libcurl | CVE-2022-22576 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-22576">https://access.redhat.com/security/cve/CVE-2022-22576</a><br><a href="https://curl.se/docs/CVE-2022-22576.html">https://curl.se/docs/CVE-2022-22576.html</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576</a><br><a href="https://hackerone.com/reports/1526328">https://hackerone.com/reports/1526328</a><br><a href="https://ubuntu.com/security/notices/USN-5397-1">https://ubuntu.com/security/notices/USN-5397-1</a><br></details> |
| libcurl | CVE-2022-27774 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-27774">https://access.redhat.com/security/cve/CVE-2022-27774</a><br><a href="https://curl.se/docs/CVE-2022-27774.html">https://curl.se/docs/CVE-2022-27774.html</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774</a><br><a href="https://hackerone.com/reports/1543773">https://hackerone.com/reports/1543773</a><br><a href="https://ubuntu.com/security/notices/USN-5397-1">https://ubuntu.com/security/notices/USN-5397-1</a><br></details> |
| libcurl | CVE-2022-27776 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-27776">https://access.redhat.com/security/cve/CVE-2022-27776</a><br><a href="https://curl.se/docs/CVE-2022-27776.html">https://curl.se/docs/CVE-2022-27776.html</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776</a><br><a href="https://hackerone.com/reports/1547048">https://hackerone.com/reports/1547048</a><br><a href="https://ubuntu.com/security/notices/USN-5397-1">https://ubuntu.com/security/notices/USN-5397-1</a><br></details> |
| libcurl | CVE-2022-27775 | LOW | 7.80.0-r0 | 7.80.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-27775">https://access.redhat.com/security/cve/CVE-2022-27775</a><br><a href="https://curl.se/docs/CVE-2022-27775.html">https://curl.se/docs/CVE-2022-27775.html</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775</a><br><a href="https://hackerone.com/reports/1546268">https://hackerone.com/reports/1546268</a><br><a href="https://ubuntu.com/security/notices/USN-5397-1">https://ubuntu.com/security/notices/USN-5397-1</a><br></details> |
| libxml2 | CVE-2022-29824 | MEDIUM | 2.9.13-r0 | 2.9.14-r0 | <details><summary>Expand...</summary><a href="http://packetstormsecurity.com/files/167345/libxml2-xmlBufAdd-Heap-Buffer-Overflow.html">http://packetstormsecurity.com/files/167345/libxml2-xmlBufAdd-Heap-Buffer-Overflow.html</a><br><a href="https://access.redhat.com/security/cve/CVE-2022-29824">https://access.redhat.com/security/cve/CVE-2022-29824</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29824">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29824</a><br><a href="https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab">https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab</a><br><a href="https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab (v2.9.14)">https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab (v2.9.14)</a><br><a href="https://gitlab.gnome.org/GNOME/libxml2/-/commit/6c283d83eccd940bcde15634ac8c7f100e3caefd">https://gitlab.gnome.org/GNOME/libxml2/-/commit/6c283d83eccd940bcde15634ac8c7f100e3caefd</a><br><a href="https://gitlab.gnome.org/GNOME/libxml2/-/commit/6c283d83eccd940bcde15634ac8c7f100e3caefd (master)">https://gitlab.gnome.org/GNOME/libxml2/-/commit/6c283d83eccd940bcde15634ac8c7f100e3caefd (master)</a><br><a href="https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.9.14">https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.9.14</a><br><a href="https://gitlab.gnome.org/GNOME/libxslt/-/tags">https://gitlab.gnome.org/GNOME/libxslt/-/tags</a><br><a href="https://lists.debian.org/debian-lts-announce/2022/05/msg00023.html">https://lists.debian.org/debian-lts-announce/2022/05/msg00023.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FZOBT5Y6Y2QLDDX2HZGMV7MJMWGXORKK/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FZOBT5Y6Y2QLDDX2HZGMV7MJMWGXORKK/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3NVZVWFRBXBI3AKZZWUWY6INQQPQVSF/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3NVZVWFRBXBI3AKZZWUWY6INQQPQVSF/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P5363EDV5VHZ5C77ODA43RYDCPMA7ARM/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P5363EDV5VHZ5C77ODA43RYDCPMA7ARM/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-29824">https://nvd.nist.gov/vuln/detail/CVE-2022-29824</a><br><a href="https://ubuntu.com/security/notices/USN-5422-1">https://ubuntu.com/security/notices/USN-5422-1</a><br><a href="https://www.debian.org/security/2022/dsa-5142">https://www.debian.org/security/2022/dsa-5142</a><br></details> |
| tiff | CVE-2022-0891 | HIGH | 4.3.0-r0 | 4.3.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-0891">https://access.redhat.com/security/cve/CVE-2022-0891</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891</a><br><a href="https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c">https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c</a><br><a href="https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0891.json">https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0891.json</a><br><a href="https://gitlab.com/libtiff/libtiff/-/commit/232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c">https://gitlab.com/libtiff/libtiff/-/commit/232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c</a><br><a href="https://gitlab.com/libtiff/libtiff/-/issues/380">https://gitlab.com/libtiff/libtiff/-/issues/380</a><br><a href="https://gitlab.com/libtiff/libtiff/-/issues/382">https://gitlab.com/libtiff/libtiff/-/issues/382</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNT2GFNRLOMKJ5KXM6JIHKBNBFDVZPD3/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNT2GFNRLOMKJ5KXM6JIHKBNBFDVZPD3/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQ4E654ZYUUUQNBKYQFXNK2CV3CPWTM2/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQ4E654ZYUUUQNBKYQFXNK2CV3CPWTM2/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-0891">https://nvd.nist.gov/vuln/detail/CVE-2022-0891</a><br><a href="https://ubuntu.com/security/notices/USN-5421-1">https://ubuntu.com/security/notices/USN-5421-1</a><br><a href="https://www.debian.org/security/2022/dsa-5108">https://www.debian.org/security/2022/dsa-5108</a><br></details> |
| tiff | CVE-2022-0561 | MEDIUM | 4.3.0-r0 | 4.3.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-0561">https://access.redhat.com/security/cve/CVE-2022-0561</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561</a><br><a href="https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/eecb0712f4c3a5b449f70c57988260a667ddbdef">https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/eecb0712f4c3a5b449f70c57988260a667ddbdef</a><br><a href="https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0561.json">https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0561.json</a><br><a href="https://gitlab.com/libtiff/libtiff/-/issues/362">https://gitlab.com/libtiff/libtiff/-/issues/362</a><br><a href="https://lists.debian.org/debian-lts-announce/2022/03/msg00001.html">https://lists.debian.org/debian-lts-announce/2022/03/msg00001.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZEHZ35XVO2VBZ4HHCMM6J6TQIDSBQOM/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZEHZ35XVO2VBZ4HHCMM6J6TQIDSBQOM/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-0561">https://nvd.nist.gov/vuln/detail/CVE-2022-0561</a><br><a href="https://security.netapp.com/advisory/ntap-20220318-0001/">https://security.netapp.com/advisory/ntap-20220318-0001/</a><br><a href="https://ubuntu.com/security/notices/USN-5421-1">https://ubuntu.com/security/notices/USN-5421-1</a><br><a href="https://www.debian.org/security/2022/dsa-5108">https://www.debian.org/security/2022/dsa-5108</a><br></details> |
| tiff | CVE-2022-0562 | MEDIUM | 4.3.0-r0 | 4.3.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-0562">https://access.redhat.com/security/cve/CVE-2022-0562</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562</a><br><a href="https://gitlab.com/gitlab-org/build/omnibus-mirror/libtiff/-/commit/561599c99f987dc32ae110370cfdd7df7975586b">https://gitlab.com/gitlab-org/build/omnibus-mirror/libtiff/-/commit/561599c99f987dc32ae110370cfdd7df7975586b</a><br><a href="https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0562.json">https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0562.json</a><br><a href="https://gitlab.com/libtiff/libtiff/-/issues/362">https://gitlab.com/libtiff/libtiff/-/issues/362</a><br><a href="https://lists.debian.org/debian-lts-announce/2022/03/msg00001.html">https://lists.debian.org/debian-lts-announce/2022/03/msg00001.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZEHZ35XVO2VBZ4HHCMM6J6TQIDSBQOM/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZEHZ35XVO2VBZ4HHCMM6J6TQIDSBQOM/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-0562">https://nvd.nist.gov/vuln/detail/CVE-2022-0562</a><br><a href="https://security.netapp.com/advisory/ntap-20220318-0001/">https://security.netapp.com/advisory/ntap-20220318-0001/</a><br><a href="https://ubuntu.com/security/notices/USN-5421-1">https://ubuntu.com/security/notices/USN-5421-1</a><br><a href="https://www.debian.org/security/2022/dsa-5108">https://www.debian.org/security/2022/dsa-5108</a><br></details> |
| tiff | CVE-2022-0865 | MEDIUM | 4.3.0-r0 | 4.3.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-0865">https://access.redhat.com/security/cve/CVE-2022-0865</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865</a><br><a href="https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0865.json">https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0865.json</a><br><a href="https://gitlab.com/libtiff/libtiff/-/commit/a1c933dabd0e1c54a412f3f84ae0aa58115c6067">https://gitlab.com/libtiff/libtiff/-/commit/a1c933dabd0e1c54a412f3f84ae0aa58115c6067</a><br><a href="https://gitlab.com/libtiff/libtiff/-/issues/385">https://gitlab.com/libtiff/libtiff/-/issues/385</a><br><a href="https://gitlab.com/libtiff/libtiff/-/merge_requests/306">https://gitlab.com/libtiff/libtiff/-/merge_requests/306</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNT2GFNRLOMKJ5KXM6JIHKBNBFDVZPD3/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNT2GFNRLOMKJ5KXM6JIHKBNBFDVZPD3/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQ4E654ZYUUUQNBKYQFXNK2CV3CPWTM2/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQ4E654ZYUUUQNBKYQFXNK2CV3CPWTM2/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-0865">https://nvd.nist.gov/vuln/detail/CVE-2022-0865</a><br><a href="https://ubuntu.com/security/notices/USN-5421-1">https://ubuntu.com/security/notices/USN-5421-1</a><br><a href="https://www.debian.org/security/2022/dsa-5108">https://www.debian.org/security/2022/dsa-5108</a><br></details> |
| tiff | CVE-2022-0907 | MEDIUM | 4.3.0-r0 | 4.3.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-0907">https://access.redhat.com/security/cve/CVE-2022-0907</a><br><a href="https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0907.json">https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0907.json</a><br><a href="https://gitlab.com/libtiff/libtiff/-/issues/392">https://gitlab.com/libtiff/libtiff/-/issues/392</a><br><a href="https://gitlab.com/libtiff/libtiff/-/merge_requests/314">https://gitlab.com/libtiff/libtiff/-/merge_requests/314</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNT2GFNRLOMKJ5KXM6JIHKBNBFDVZPD3/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNT2GFNRLOMKJ5KXM6JIHKBNBFDVZPD3/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQ4E654ZYUUUQNBKYQFXNK2CV3CPWTM2/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQ4E654ZYUUUQNBKYQFXNK2CV3CPWTM2/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-0907">https://nvd.nist.gov/vuln/detail/CVE-2022-0907</a><br><a href="https://security.netapp.com/advisory/ntap-20220506-0002/">https://security.netapp.com/advisory/ntap-20220506-0002/</a><br><a href="https://www.debian.org/security/2022/dsa-5108">https://www.debian.org/security/2022/dsa-5108</a><br></details> |
| tiff | CVE-2022-0908 | MEDIUM | 4.3.0-r0 | 4.3.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-0908">https://access.redhat.com/security/cve/CVE-2022-0908</a><br><a href="https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0908.json">https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0908.json</a><br><a href="https://gitlab.com/libtiff/libtiff/-/commit/a95b799f65064e4ba2e2dfc206808f86faf93e85">https://gitlab.com/libtiff/libtiff/-/commit/a95b799f65064e4ba2e2dfc206808f86faf93e85</a><br><a href="https://gitlab.com/libtiff/libtiff/-/issues/383">https://gitlab.com/libtiff/libtiff/-/issues/383</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNT2GFNRLOMKJ5KXM6JIHKBNBFDVZPD3/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNT2GFNRLOMKJ5KXM6JIHKBNBFDVZPD3/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQ4E654ZYUUUQNBKYQFXNK2CV3CPWTM2/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQ4E654ZYUUUQNBKYQFXNK2CV3CPWTM2/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-0908">https://nvd.nist.gov/vuln/detail/CVE-2022-0908</a><br><a href="https://security.netapp.com/advisory/ntap-20220506-0002/">https://security.netapp.com/advisory/ntap-20220506-0002/</a><br><a href="https://www.debian.org/security/2022/dsa-5108">https://www.debian.org/security/2022/dsa-5108</a><br></details> |
| tiff | CVE-2022-0909 | MEDIUM | 4.3.0-r0 | 4.3.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-0909">https://access.redhat.com/security/cve/CVE-2022-0909</a><br><a href="https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0909.json">https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0909.json</a><br><a href="https://gitlab.com/libtiff/libtiff/-/issues/393">https://gitlab.com/libtiff/libtiff/-/issues/393</a><br><a href="https://gitlab.com/libtiff/libtiff/-/merge_requests/310">https://gitlab.com/libtiff/libtiff/-/merge_requests/310</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNT2GFNRLOMKJ5KXM6JIHKBNBFDVZPD3/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNT2GFNRLOMKJ5KXM6JIHKBNBFDVZPD3/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQ4E654ZYUUUQNBKYQFXNK2CV3CPWTM2/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQ4E654ZYUUUQNBKYQFXNK2CV3CPWTM2/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-0909">https://nvd.nist.gov/vuln/detail/CVE-2022-0909</a><br><a href="https://security.netapp.com/advisory/ntap-20220506-0002/">https://security.netapp.com/advisory/ntap-20220506-0002/</a><br><a href="https://www.debian.org/security/2022/dsa-5108">https://www.debian.org/security/2022/dsa-5108</a><br></details> |
| tiff | CVE-2022-0924 | MEDIUM | 4.3.0-r0 | 4.3.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-0924">https://access.redhat.com/security/cve/CVE-2022-0924</a><br><a href="https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0924.json">https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0924.json</a><br><a href="https://gitlab.com/libtiff/libtiff/-/issues/278">https://gitlab.com/libtiff/libtiff/-/issues/278</a><br><a href="https://gitlab.com/libtiff/libtiff/-/merge_requests/311">https://gitlab.com/libtiff/libtiff/-/merge_requests/311</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNT2GFNRLOMKJ5KXM6JIHKBNBFDVZPD3/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNT2GFNRLOMKJ5KXM6JIHKBNBFDVZPD3/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQ4E654ZYUUUQNBKYQFXNK2CV3CPWTM2/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQ4E654ZYUUUQNBKYQFXNK2CV3CPWTM2/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-0924">https://nvd.nist.gov/vuln/detail/CVE-2022-0924</a><br><a href="https://security.netapp.com/advisory/ntap-20220506-0002/">https://security.netapp.com/advisory/ntap-20220506-0002/</a><br><a href="https://www.debian.org/security/2022/dsa-5108">https://www.debian.org/security/2022/dsa-5108</a><br></details> |
| tiff | CVE-2022-22844 | MEDIUM | 4.3.0-r0 | 4.3.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-22844">https://access.redhat.com/security/cve/CVE-2022-22844</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844</a><br><a href="https://gitlab.com/libtiff/libtiff/-/issues/355">https://gitlab.com/libtiff/libtiff/-/issues/355</a><br><a href="https://gitlab.com/libtiff/libtiff/-/merge_requests/287">https://gitlab.com/libtiff/libtiff/-/merge_requests/287</a><br><a href="https://lists.debian.org/debian-lts-announce/2022/03/msg00001.html">https://lists.debian.org/debian-lts-announce/2022/03/msg00001.html</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-22844">https://nvd.nist.gov/vuln/detail/CVE-2022-22844</a><br><a href="https://security.netapp.com/advisory/ntap-20220311-0002/">https://security.netapp.com/advisory/ntap-20220311-0002/</a><br><a href="https://www.debian.org/security/2022/dsa-5108">https://www.debian.org/security/2022/dsa-5108</a><br></details> |
**node-pkg**
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
| ansi-regex | CVE-2021-3807 | HIGH | 3.0.0 | 3.0.1, 4.1.1, 5.0.1, 6.0.1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2021-3807">https://access.redhat.com/security/cve/CVE-2021-3807</a><br><a href="https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908">https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908</a><br><a href="https://github.com/advisories/GHSA-93q8-gq69-wqmw">https://github.com/advisories/GHSA-93q8-gq69-wqmw</a><br><a href="https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9">https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9</a><br><a href="https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311">https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311</a><br><a href="https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774">https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774</a><br><a href="https://github.com/chalk/ansi-regex/releases/tag/v6.0.1">https://github.com/chalk/ansi-regex/releases/tag/v6.0.1</a><br><a href="https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994">https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994</a><br><a href="https://linux.oracle.com/cve/CVE-2021-3807.html">https://linux.oracle.com/cve/CVE-2021-3807.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2022-0350.html">https://linux.oracle.com/errata/ELSA-2022-0350.html</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-3807">https://nvd.nist.gov/vuln/detail/CVE-2021-3807</a><br><a href="https://www.oracle.com/security-alerts/cpuapr2022.html">https://www.oracle.com/security-alerts/cpuapr2022.html</a><br></details> |
| ansi-regex | CVE-2021-3807 | HIGH | 5.0.0 | 3.0.1, 4.1.1, 5.0.1, 6.0.1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2021-3807">https://access.redhat.com/security/cve/CVE-2021-3807</a><br><a href="https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908">https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908</a><br><a href="https://github.com/advisories/GHSA-93q8-gq69-wqmw">https://github.com/advisories/GHSA-93q8-gq69-wqmw</a><br><a href="https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9">https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9</a><br><a href="https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311">https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311</a><br><a href="https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774">https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774</a><br><a href="https://github.com/chalk/ansi-regex/releases/tag/v6.0.1">https://github.com/chalk/ansi-regex/releases/tag/v6.0.1</a><br><a href="https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994">https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994</a><br><a href="https://linux.oracle.com/cve/CVE-2021-3807.html">https://linux.oracle.com/cve/CVE-2021-3807.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2022-0350.html">https://linux.oracle.com/errata/ELSA-2022-0350.html</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-3807">https://nvd.nist.gov/vuln/detail/CVE-2021-3807</a><br><a href="https://www.oracle.com/security-alerts/cpuapr2022.html">https://www.oracle.com/security-alerts/cpuapr2022.html</a><br></details> |
| async | CVE-2021-43138 | HIGH | 2.6.3 | 2.6.4, 3.2.2 | <details><summary>Expand...</summary><a href="https://github.com/advisories/GHSA-fwr7-v2mv-hh25">https://github.com/advisories/GHSA-fwr7-v2mv-hh25</a><br><a href="https://github.com/caolan/async/blob/master/lib/internal/iterator.js">https://github.com/caolan/async/blob/master/lib/internal/iterator.js</a><br><a href="https://github.com/caolan/async/blob/master/lib/mapValuesLimit.js">https://github.com/caolan/async/blob/master/lib/mapValuesLimit.js</a><br><a href="https://github.com/caolan/async/blob/v2.6.4/CHANGELOG.md#v264">https://github.com/caolan/async/blob/v2.6.4/CHANGELOG.md#v264</a><br><a href="https://github.com/caolan/async/commit/8f7f90342a6571ba1c197d747ebed30c368096d2">https://github.com/caolan/async/commit/8f7f90342a6571ba1c197d747ebed30c368096d2</a><br><a href="https://github.com/caolan/async/commit/e1ecdbf79264f9ab488c7799f4c76996d5dca66d">https://github.com/caolan/async/commit/e1ecdbf79264f9ab488c7799f4c76996d5dca66d</a><br><a href="https://github.com/caolan/async/compare/v2.6.3...v2.6.4">https://github.com/caolan/async/compare/v2.6.3...v2.6.4</a><br><a href="https://github.com/caolan/async/pull/1828">https://github.com/caolan/async/pull/1828</a><br><a href="https://jsfiddle.net/oz5twjd9/">https://jsfiddle.net/oz5twjd9/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-43138">https://nvd.nist.gov/vuln/detail/CVE-2021-43138</a><br></details> |
| glob-parent | CVE-2020-28469 | HIGH | 3.1.0 | 5.1.2 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2020-28469">https://access.redhat.com/security/cve/CVE-2020-28469</a><br><a href="https://github.com/advisories/GHSA-ww39-953v-wcq6">https://github.com/advisories/GHSA-ww39-953v-wcq6</a><br><a href="https://github.com/gulpjs/glob-parent/blob/6ce8d11f2f1ed8e80a9526b1dc8cf3aa71f43474/index.js%23L9">https://github.com/gulpjs/glob-parent/blob/6ce8d11f2f1ed8e80a9526b1dc8cf3aa71f43474/index.js%23L9</a><br><a href="https://github.com/gulpjs/glob-parent/pull/36">https://github.com/gulpjs/glob-parent/pull/36</a><br><a href="https://github.com/gulpjs/glob-parent/releases/tag/v5.1.2">https://github.com/gulpjs/glob-parent/releases/tag/v5.1.2</a><br><a href="https://linux.oracle.com/cve/CVE-2020-28469.html">https://linux.oracle.com/cve/CVE-2020-28469.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2022-0350.html">https://linux.oracle.com/errata/ELSA-2022-0350.html</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-28469">https://nvd.nist.gov/vuln/detail/CVE-2020-28469</a><br><a href="https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBES128-1059093">https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBES128-1059093</a><br><a href="https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1059092">https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1059092</a><br><a href="https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905">https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905</a><br><a href="https://www.oracle.com/security-alerts/cpujan2022.html">https://www.oracle.com/security-alerts/cpujan2022.html</a><br></details> |
| npm | CVE-2022-29244 | MEDIUM | 8.1.2 | 8.11.0 | <details><summary>Expand...</summary><a href="https://github.com/advisories/GHSA-hj9c-8jmm-8c52">https://github.com/advisories/GHSA-hj9c-8jmm-8c52</a><br><a href="https://github.com/nodejs/node/releases/tag/v16.15.1">https://github.com/nodejs/node/releases/tag/v16.15.1</a><br><a href="https://github.com/nodejs/node/releases/tag/v17.9.1">https://github.com/nodejs/node/releases/tag/v17.9.1</a><br><a href="https://github.com/nodejs/node/releases/tag/v18.3.0">https://github.com/nodejs/node/releases/tag/v18.3.0</a><br><a href="https://github.com/npm/cli/releases/tag/v8.11.0">https://github.com/npm/cli/releases/tag/v8.11.0</a><br><a href="https://github.com/npm/cli/security/advisories/GHSA-hj9c-8jmm-8c52">https://github.com/npm/cli/security/advisories/GHSA-hj9c-8jmm-8c52</a><br><a href="https://github.com/npm/cli/tree/latest/workspaces/libnpmpack">https://github.com/npm/cli/tree/latest/workspaces/libnpmpack</a><br><a href="https://github.com/npm/cli/tree/latest/workspaces/libnpmpublish">https://github.com/npm/cli/tree/latest/workspaces/libnpmpublish</a><br><a href="https://github.com/npm/npm-packlist">https://github.com/npm/npm-packlist</a><br></details> |
| nth-check | CVE-2021-3803 | HIGH | 1.0.2 | 2.0.1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2021-3803">https://access.redhat.com/security/cve/CVE-2021-3803</a><br><a href="https://github.com/advisories/GHSA-rp65-9cf3-cjxr">https://github.com/advisories/GHSA-rp65-9cf3-cjxr</a><br><a href="https://github.com/fb55/nth-check/commit/9894c1d2010870c351f66c6f6efcf656e26bb726">https://github.com/fb55/nth-check/commit/9894c1d2010870c351f66c6f6efcf656e26bb726</a><br><a href="https://huntr.dev/bounties/8cf8cc06-d2cf-4b4e-b42c-99fafb0b04d0">https://huntr.dev/bounties/8cf8cc06-d2cf-4b4e-b42c-99fafb0b04d0</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-3803">https://nvd.nist.gov/vuln/detail/CVE-2021-3803</a><br></details> |
| puppeteer | CVE-2019-5786 | MEDIUM | 1.0.0 | 1.13.0 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2019-5786">https://access.redhat.com/security/cve/CVE-2019-5786</a><br><a href="https://blog.exodusintel.com/2019/03/20/cve-2019-5786-analysis-and-exploitation/">https://blog.exodusintel.com/2019/03/20/cve-2019-5786-analysis-and-exploitation/</a><br><a href="https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop.html">https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop.html</a><br><a href="https://crbug.com/936448">https://crbug.com/936448</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5786">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5786</a><br><a href="https://electronjs.org/blog/filereader-fix">https://electronjs.org/blog/filereader-fix</a><br><a href="https://github.com/GoogleChrome/puppeteer/issues/4141">https://github.com/GoogleChrome/puppeteer/issues/4141</a><br><a href="https://github.com/advisories/GHSA-c2gp-86p4-5935">https://github.com/advisories/GHSA-c2gp-86p4-5935</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-5786">https://nvd.nist.gov/vuln/detail/CVE-2019-5786</a><br><a href="https://security.googleblog.com/2019/03/disclosing-vulnerabilities-to-protect.html">https://security.googleblog.com/2019/03/disclosing-vulnerabilities-to-protect.html</a><br><a href="https://snyk.io/vuln/SNYK-JS-PUPPETEER-174321">https://snyk.io/vuln/SNYK-JS-PUPPETEER-174321</a><br><a href="https://www.cisecurity.org/advisory/a-vulnerability-in-google-chrome-could-allow-for-arbitrary-code-execution_2019-026/">https://www.cisecurity.org/advisory/a-vulnerability-in-google-chrome-could-allow-for-arbitrary-code-execution_2019-026/</a><br><a href="https://www.npmjs.com/advisories/824">https://www.npmjs.com/advisories/824</a><br></details> |
View Git Blame Copy Permalink