docker.io/ailg/g-box:250207 linux/amd64

docker.io/ailg/g-box:250207 - Trivy安全扫描结果扫描时间: 2025-02-12 03:03

全部漏洞信息

低危漏洞:5

中危漏洞:36

高危漏洞:25

严重漏洞:6

系统OS: alpine 3.17.10 扫描引擎: Trivy 扫描时间: 2025-02-12 03:03

docker.io/ailg/g-box:250207 (alpine 3.17.10) (alpine)

低危漏洞:2

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
libcrypto3	CVE-2024-9143	低危	3.0.15-r0	3.0.15-r1	openssl: Low-level invalid GF(2^m) parameters lead to OOB memory access 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9143 镜像层: sha256:8d78b2117a5b8bff0a001610c8e3eecb6dcfd5e82a25d23048df7a09e77d6307 发布日期: 2024-10-16 17:15 修改: 2024-11-08 16:35
libssl3	CVE-2024-9143	低危	3.0.15-r0	3.0.15-r1	openssl: Low-level invalid GF(2^m) parameters lead to OOB memory access 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9143 镜像层: sha256:8d78b2117a5b8bff0a001610c8e3eecb6dcfd5e82a25d23048df7a09e77d6307 发布日期: 2024-10-16 17:15 修改: 2024-11-08 16:35

软件包

漏洞

安全状态

安装版本

修复版本

漏洞信息

libcrypto3

CVE-2024-9143

低危

3.0.15-r0

3.0.15-r1

openssl: Low-level invalid GF(2^m) parameters lead to OOB memory access

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9143

镜像层: sha256:8d78b2117a5b8bff0a001610c8e3eecb6dcfd5e82a25d23048df7a09e77d6307

发布日期: 2024-10-16 17:15 修改: 2024-11-08 16:35

libssl3

CVE-2024-9143

低危

3.0.15-r0

3.0.15-r1

openssl: Low-level invalid GF(2^m) parameters lead to OOB memory access

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9143

镜像层: sha256:8d78b2117a5b8bff0a001610c8e3eecb6dcfd5e82a25d23048df7a09e77d6307

发布日期: 2024-10-16 17:15 修改: 2024-11-08 16:35

Java (jar)

低危漏洞:1

中危漏洞:14

高危漏洞:17

严重漏洞:1

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
org.springframework.security:spring-security-web	CVE-2024-38821	严重	6.1.2	5.7.13, 5.8.15, 6.2.7, 6.0.13, 6.1.11, 6.3.4	Spring-WebFlux: Authorization Bypass of Static Resources in WebFlux Applications 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38821 镜像层: sha256:2db25abe2ebda599053fb39e06edb145f3a59c6ef54f9040c5f0f5e68b2b3822 发布日期: 2024-10-28 07:15 修改: 2024-10-28 13:58
ch.qos.logback:logback-core	CVE-2023-6378	高危	1.4.8	1.3.12, 1.4.12, 1.2.13	logback: serialization vulnerability in logback receiver 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6378 镜像层: sha256:2db25abe2ebda599053fb39e06edb145f3a59c6ef54f9040c5f0f5e68b2b3822 发布日期: 2023-11-29 12:15 修改: 2024-11-29 12:15
com.h2database:h2	CVE-2022-45868	高危	2.1.214	2.2.220	The web-based admin console in H2 Database Engine before 2.2.220 can b ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-45868 镜像层: sha256:2db25abe2ebda599053fb39e06edb145f3a59c6ef54f9040c5f0f5e68b2b3822 发布日期: 2022-11-23 21:15 修改: 2024-08-03 15:15
commons-io:commons-io	CVE-2024-47554	高危	2.11.0	2.14.0	apache-commons-io: Possible denial of service attack on untrusted input to XmlStreamReader 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47554 镜像层: sha256:2db25abe2ebda599053fb39e06edb145f3a59c6ef54f9040c5f0f5e68b2b3822 发布日期: 2024-10-03 12:15 修改: 2024-12-04 15:15
org.apache.tomcat.embed:tomcat-embed-core	CVE-2023-46589	高危	10.1.11	11.0.0-M11, 10.1.16, 9.0.83, 8.5.96	tomcat: HTTP request smuggling via malformed trailer headers 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-46589 镜像层: sha256:2db25abe2ebda599053fb39e06edb145f3a59c6ef54f9040c5f0f5e68b2b3822 发布日期: 2023-11-28 16:15 修改: 2024-07-12 16:11
org.apache.tomcat.embed:tomcat-embed-core	CVE-2024-34750	高危	10.1.11	11.0.0-M21, 10.1.25, 9.0.90	tomcat: Improper Handling of Exceptional Conditions 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34750 镜像层: sha256:2db25abe2ebda599053fb39e06edb145f3a59c6ef54f9040c5f0f5e68b2b3822 发布日期: 2024-07-03 20:15 修改: 2024-07-09 16:22
org.apache.tomcat.embed:tomcat-embed-core	CVE-2024-50379	高危	10.1.11	11.0.2, 10.1.34, 9.0.98	tomcat: RCE due to TOCTOU issue in JSP compilation 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-50379 镜像层: sha256:2db25abe2ebda599053fb39e06edb145f3a59c6ef54f9040c5f0f5e68b2b3822 发布日期: 2024-12-17 13:15 修改: 2025-01-03 12:15
org.apache.tomcat.embed:tomcat-embed-core	CVE-2024-56337	高危	10.1.11	11.0.2, 10.1.34, 9.0.98	tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-56337 镜像层: sha256:2db25abe2ebda599053fb39e06edb145f3a59c6ef54f9040c5f0f5e68b2b3822 发布日期: 2024-12-20 16:15 修改: 2025-01-03 12:15
org.springframework.security:spring-security-core	CVE-2024-22234	高危	6.1.2	6.1.7, 6.2.2	spring-security: Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-22234 镜像层: sha256:2db25abe2ebda599053fb39e06edb145f3a59c6ef54f9040c5f0f5e68b2b3822 发布日期: 2024-02-20 07:15 修改: 2024-08-01 13:46
org.springframework.security:spring-security-core	CVE-2024-22257	高危	6.1.2	5.7.12, 5.8.11, 6.1.8, 6.2.3	spring-security: Broken Access Control With Direct Use of AuthenticatedVoter 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-22257 镜像层: sha256:2db25abe2ebda599053fb39e06edb145f3a59c6ef54f9040c5f0f5e68b2b3822 发布日期: 2024-03-18 15:15 修改: 2024-11-12 16:35
ch.qos.logback:logback-classic	CVE-2023-6378	高危	1.4.8	1.3.12, 1.4.12, 1.2.13	logback: serialization vulnerability in logback receiver 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6378 镜像层: sha256:2db25abe2ebda599053fb39e06edb145f3a59c6ef54f9040c5f0f5e68b2b3822 发布日期: 2023-11-29 12:15 修改: 2024-11-29 12:15
org.springframework:spring-web	CVE-2024-22243	高危	6.0.11	6.1.4, 6.0.17, 5.3.32	springframework: URL Parsing with Host Validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-22243 镜像层: sha256:2db25abe2ebda599053fb39e06edb145f3a59c6ef54f9040c5f0f5e68b2b3822 发布日期: 2024-02-23 05:15 修改: 2024-08-22 15:35
org.springframework:spring-web	CVE-2024-22259	高危	6.0.11	6.1.5, 6.0.18, 5.3.33	springframework: URL Parsing with Host Validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-22259 镜像层: sha256:2db25abe2ebda599053fb39e06edb145f3a59c6ef54f9040c5f0f5e68b2b3822 发布日期: 2024-03-16 05:15 修改: 2024-07-03 01:47
org.springframework:spring-web	CVE-2024-22262	高危	6.0.11	5.3.34, 6.0.19, 6.1.6	springframework: URL Parsing with Host Validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-22262 镜像层: sha256:2db25abe2ebda599053fb39e06edb145f3a59c6ef54f9040c5f0f5e68b2b3822 发布日期: 2024-04-16 06:15 修改: 2024-08-27 14:35
org.springframework:spring-webmvc	CVE-2023-34053	高危	6.0.11	6.0.14	springframework: io.micrometer: micrometer-core classpath vulnerable to denial of service 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-34053 镜像层: sha256:2db25abe2ebda599053fb39e06edb145f3a59c6ef54f9040c5f0f5e68b2b3822 发布日期: 2023-11-28 09:15 修改: 2023-12-14 10:15
org.springframework:spring-webmvc	CVE-2024-38816	高危	6.0.11	6.1.13	spring-webmvc: Path Traversal Vulnerability in Spring Applications Using RouterFunctions and FileSystemResource 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38816 镜像层: sha256:2db25abe2ebda599053fb39e06edb145f3a59c6ef54f9040c5f0f5e68b2b3822 发布日期: 2024-09-13 06:15 修改: 2024-12-27 16:15
org.springframework:spring-webmvc	CVE-2024-38819	高危	6.0.11	6.1.14	org.springframework:spring-webmvc: Path traversal vulnerability in functional web frameworks 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38819 镜像层: sha256:2db25abe2ebda599053fb39e06edb145f3a59c6ef54f9040c5f0f5e68b2b3822 发布日期: 2024-12-19 18:15 修改: 2025-01-10 13:15
org.yaml:snakeyaml	CVE-2022-1471	高危	1.33	2.0	SnakeYaml: Constructor Deserialization Remote Code Execution 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1471 镜像层: sha256:2db25abe2ebda599053fb39e06edb145f3a59c6ef54f9040c5f0f5e68b2b3822 发布日期: 2022-12-01 11:15 修改: 2024-06-21 19:15
org.springframework.security:spring-security-config	CVE-2023-34042	中危	6.1.2	6.1.4, 6.0.7, 5.8.7, 5.7.11	spring-security-config: Incorrect Permission Assignment for spring-security.xsd 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-34042 镜像层: sha256:2db25abe2ebda599053fb39e06edb145f3a59c6ef54f9040c5f0f5e68b2b3822 发布日期: 2024-02-05 22:15 修改: 2024-11-29 12:15
com.squareup.okio:okio-jvm	CVE-2023-3635	中危	3.0.0	3.4.0	okio: GzipSource class improper exception handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3635 镜像层: sha256:2db25abe2ebda599053fb39e06edb145f3a59c6ef54f9040c5f0f5e68b2b3822 发布日期: 2023-07-12 19:15 修改: 2023-10-25 15:17
ch.qos.logback:logback-core	CVE-2024-12798	中危	1.4.8	1.5.13, 1.3.15	logback-core: arbitrary code execution via JaninoEventEvaluator 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12798 镜像层: sha256:2db25abe2ebda599053fb39e06edb145f3a59c6ef54f9040c5f0f5e68b2b3822 发布日期: 2024-12-19 16:15 修改: 2025-01-03 14:15
org.springframework.security:spring-security-core	CVE-2024-38827	中危	6.1.2	5.7.14, 5.8.16, 6.0.14, 6.1.12, 6.2.8, 6.3.5	spring-security: authorization bypass for case sensitive comparisons 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38827 镜像层: sha256:2db25abe2ebda599053fb39e06edb145f3a59c6ef54f9040c5f0f5e68b2b3822 发布日期: 2024-12-02 15:15 修改: 2024-12-02 15:15
io.netty:netty-codec-http	CVE-2024-29025	中危	4.1.94.Final	4.1.108.Final	netty-codec-http: Allocation of Resources Without Limits or Throttling 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29025 镜像层: sha256:2db25abe2ebda599053fb39e06edb145f3a59c6ef54f9040c5f0f5e68b2b3822 发布日期: 2024-03-25 20:15 修改: 2024-06-21 22:15
org.springframework:spring-context	CVE-2024-38820	中危	6.0.11	6.1.14	The fix for CVE-2022-22968 made disallowedFieldspatterns in DataBinder ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38820 镜像层: sha256:2db25abe2ebda599053fb39e06edb145f3a59c6ef54f9040c5f0f5e68b2b3822 发布日期: 2024-10-18 06:15 修改: 2024-11-29 12:15
io.netty:netty-common	CVE-2024-47535	中危	4.1.94.Final	4.1.115	netty: Denial of Service attack on windows app using Netty 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47535 镜像层: sha256:2db25abe2ebda599053fb39e06edb145f3a59c6ef54f9040c5f0f5e68b2b3822 发布日期: 2024-11-12 16:15 修改: 2024-11-13 17:01
org.apache.tomcat.embed:tomcat-embed-core	CVE-2023-41080	中危	10.1.11	8.5.93, 9.0.80, 10.1.13, 11.0.0-M11	tomcat: Open Redirect vulnerability in FORM authentication 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-41080 镜像层: sha256:2db25abe2ebda599053fb39e06edb145f3a59c6ef54f9040c5f0f5e68b2b3822 发布日期: 2023-08-25 21:15 修改: 2023-11-03 19:00
org.apache.tomcat.embed:tomcat-embed-core	CVE-2023-42795	中危	10.1.11	11.0.0-M12, 10.1.14, 9.0.81, 8.5.94	tomcat: improper cleaning of recycled objects could lead to information leak 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42795 镜像层: sha256:2db25abe2ebda599053fb39e06edb145f3a59c6ef54f9040c5f0f5e68b2b3822 发布日期: 2023-10-10 18:15 修改: 2023-11-04 06:15
org.springframework:spring-web	CVE-2024-38809	中危	6.0.11	5.3.38, 6.0.23, 6.1.12	org.springframework:spring-web: Spring Framework DoS via conditional HTTP request 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38809 镜像层: sha256:2db25abe2ebda599053fb39e06edb145f3a59c6ef54f9040c5f0f5e68b2b3822 发布日期: 2024-09-27 17:15 修改: 2024-09-30 12:45
org.apache.tomcat.embed:tomcat-embed-core	CVE-2023-44487	中危	10.1.11	11.0.0-M12, 10.1.14, 9.0.81, 8.5.94	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:2db25abe2ebda599053fb39e06edb145f3a59c6ef54f9040c5f0f5e68b2b3822 发布日期: 2023-10-10 14:15 修改: 2024-12-20 17:40
org.apache.tomcat.embed:tomcat-embed-core	CVE-2023-45648	中危	10.1.11	11.0.0-M12, 10.1.14, 9.0.81, 8.5.94	tomcat: incorrectly parsed http trailer headers can cause request smuggling 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45648 镜像层: sha256:2db25abe2ebda599053fb39e06edb145f3a59c6ef54f9040c5f0f5e68b2b3822 发布日期: 2023-10-10 19:15 修改: 2023-11-04 06:15
org.apache.tomcat.embed:tomcat-embed-core	CVE-2024-24549	中危	10.1.11	8.5.99, 9.0.86, 10.1.19, 11.0.0-M17	Tomcat: HTTP/2 header handling DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24549 镜像层: sha256:2db25abe2ebda599053fb39e06edb145f3a59c6ef54f9040c5f0f5e68b2b3822 发布日期: 2024-03-13 16:15 修改: 2024-11-04 22:35
org.apache.tomcat.embed:tomcat-embed-websocket	CVE-2024-23672	中危	10.1.11	11.0.0-M17, 10.1.19, 9.0.86, 8.5.99	Tomcat: WebSocket DoS with incomplete closing handshake 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-23672 镜像层: sha256:2db25abe2ebda599053fb39e06edb145f3a59c6ef54f9040c5f0f5e68b2b3822 发布日期: 2024-03-13 16:15 修改: 2024-11-18 22:35
ch.qos.logback:logback-core	CVE-2024-12801	低危	1.4.8	1.5.13, 1.3.15	logback-core: SaxEventRecorder vulnerable to Server-Side Request Forgery (SSRF) attacks 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12801 镜像层: sha256:2db25abe2ebda599053fb39e06edb145f3a59c6ef54f9040c5f0f5e68b2b3822 发布日期: 2024-12-19 17:15 修改: 2025-01-03 14:15

app/sun-panel (gobinary)

低危漏洞:0

中危漏洞:9

高危漏洞:3

严重漏洞:2

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
golang.org/x/crypto	CVE-2024-45337	严重	v0.23.0	0.31.0	golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45337 镜像层: sha256:9ec2d8fb29f5df000cf726e50ee4e724a7dac599a430a5d9fe78885bd81ab01d 发布日期: 2024-12-12 02:02 修改: 2024-12-12 21:15
stdlib	CVE-2024-24790	严重	1.21.10	1.21.11, 1.22.4	golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:9ec2d8fb29f5df000cf726e50ee4e724a7dac599a430a5d9fe78885bd81ab01d 发布日期: 2024-06-05 16:15 修改: 2024-09-03 18:35
golang.org/x/net	CVE-2024-45338	高危	v0.25.0	0.33.0	golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:9ec2d8fb29f5df000cf726e50ee4e724a7dac599a430a5d9fe78885bd81ab01d 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16
golang.org/x/image	CVE-2024-24792	高危	v0.0.0-20190802002840-cff245a6509b	0.18.0	Parsing a corrupt or malicious image with invalid color indices can ca ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24792 镜像层: sha256:9ec2d8fb29f5df000cf726e50ee4e724a7dac599a430a5d9fe78885bd81ab01d 发布日期: 2024-06-27 18:15 修改: 2024-08-01 13:47
stdlib	CVE-2024-34156	高危	1.21.10	1.22.7, 1.23.1	encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:9ec2d8fb29f5df000cf726e50ee4e724a7dac599a430a5d9fe78885bd81ab01d 发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35
golang.org/x/image	CVE-2023-29407	中危	v0.0.0-20190802002840-cff245a6509b	0.10.0	golang.org/x/image/tiff: excessive CPU consumption in decoding 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29407 镜像层: sha256:9ec2d8fb29f5df000cf726e50ee4e724a7dac599a430a5d9fe78885bd81ab01d 发布日期: 2023-08-02 20:15 修改: 2023-11-07 04:11
golang.org/x/image	CVE-2023-29408	中危	v0.0.0-20190802002840-cff245a6509b	0.10.0	golang.org/x/image/tiff: TIFF decoder does not place a limit on the size of compressed tile data 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29408 镜像层: sha256:9ec2d8fb29f5df000cf726e50ee4e724a7dac599a430a5d9fe78885bd81ab01d 发布日期: 2023-08-02 20:15 修改: 2023-11-07 04:11
github.com/gin-gonic/gin	CVE-2023-29401	中危	v1.9.0	1.9.1	golang-github-gin-gonic-gin: Gin Web Framework does not properly sanitize filename parameter of Context.FileAttachment function 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29401 镜像层: sha256:9ec2d8fb29f5df000cf726e50ee4e724a7dac599a430a5d9fe78885bd81ab01d 发布日期: 2023-06-08 21:15 修改: 2025-01-06 20:15
github.com/mojocn/base64Captcha	CVE-2023-45292	中危	v1.3.5	1.3.6	Always incorrect control flow in github.com/mojocn/base64Captcha 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45292 镜像层: sha256:9ec2d8fb29f5df000cf726e50ee4e724a7dac599a430a5d9fe78885bd81ab01d 发布日期: 2023-12-11 22:15 修改: 2023-12-14 16:26
golang.org/x/image	CVE-2022-41727	中危	v0.0.0-20190802002840-cff245a6509b	0.5.0	golang.org/x/image: Uncontrolled Resource Consumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41727 镜像层: sha256:9ec2d8fb29f5df000cf726e50ee4e724a7dac599a430a5d9fe78885bd81ab01d 发布日期: 2023-02-28 18:15 修改: 2023-11-07 03:52
stdlib	CVE-2024-24789	中危	1.21.10	1.21.11, 1.22.4	golang: archive/zip: Incorrect handling of certain ZIP files 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:9ec2d8fb29f5df000cf726e50ee4e724a7dac599a430a5d9fe78885bd81ab01d 发布日期: 2024-06-05 16:15 修改: 2024-07-03 01:48
stdlib	CVE-2024-24791	中危	1.21.10	1.21.12, 1.22.5	net/http: Denial of service due to improper 100-continue handling in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:9ec2d8fb29f5df000cf726e50ee4e724a7dac599a430a5d9fe78885bd81ab01d 发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17
stdlib	CVE-2024-34155	中危	1.21.10	1.22.7, 1.23.1	go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:9ec2d8fb29f5df000cf726e50ee4e724a7dac599a430a5d9fe78885bd81ab01d 发布日期: 2024-09-06 21:15 修改: 2024-11-04 17:35
stdlib	CVE-2024-34158	中危	1.21.10	1.22.7, 1.23.1	go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:9ec2d8fb29f5df000cf726e50ee4e724a7dac599a430a5d9fe78885bd81ab01d 发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35

atv-cli (gobinary)

低危漏洞:0

中危漏洞:9

高危漏洞:2

严重漏洞:1

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
stdlib	CVE-2024-24790	严重	1.20.14	1.21.11, 1.22.4	golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:a110afb89bab334d82fcdec3958fbabbbdab815ad0a7dcf408d44eb83a1d3787 发布日期: 2024-06-05 16:15 修改: 2024-09-03 18:35
stdlib	CVE-2023-45288	高危	1.20.14	1.21.9, 1.22.2	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:a110afb89bab334d82fcdec3958fbabbbdab815ad0a7dcf408d44eb83a1d3787 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
stdlib	CVE-2024-34156	高危	1.20.14	1.22.7, 1.23.1	encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:a110afb89bab334d82fcdec3958fbabbbdab815ad0a7dcf408d44eb83a1d3787 发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35
stdlib	CVE-2023-45289	中危	1.20.14	1.21.8, 1.22.1	golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289 镜像层: sha256:a110afb89bab334d82fcdec3958fbabbbdab815ad0a7dcf408d44eb83a1d3787 发布日期: 2024-03-05 23:15 修改: 2024-11-04 19:35
stdlib	CVE-2023-45290	中危	1.20.14	1.21.8, 1.22.1	golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290 镜像层: sha256:a110afb89bab334d82fcdec3958fbabbbdab815ad0a7dcf408d44eb83a1d3787 发布日期: 2024-03-05 23:15 修改: 2024-11-07 11:35
stdlib	CVE-2024-24783	中危	1.20.14	1.21.8, 1.22.1	golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783 镜像层: sha256:a110afb89bab334d82fcdec3958fbabbbdab815ad0a7dcf408d44eb83a1d3787 发布日期: 2024-03-05 23:15 修改: 2024-11-05 17:35
stdlib	CVE-2024-24784	中危	1.20.14	1.21.8, 1.22.1	golang: net/mail: comments in display names are incorrectly handled 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784 镜像层: sha256:a110afb89bab334d82fcdec3958fbabbbdab815ad0a7dcf408d44eb83a1d3787 发布日期: 2024-03-05 23:15 修改: 2024-08-05 21:35
stdlib	CVE-2024-24785	中危	1.20.14	1.21.8, 1.22.1	golang: html/template: errors returned from MarshalJSON methods may break template escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785 镜像层: sha256:a110afb89bab334d82fcdec3958fbabbbdab815ad0a7dcf408d44eb83a1d3787 发布日期: 2024-03-05 23:15 修改: 2024-05-01 17:15
stdlib	CVE-2024-24789	中危	1.20.14	1.21.11, 1.22.4	golang: archive/zip: Incorrect handling of certain ZIP files 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:a110afb89bab334d82fcdec3958fbabbbdab815ad0a7dcf408d44eb83a1d3787 发布日期: 2024-06-05 16:15 修改: 2024-07-03 01:48
stdlib	CVE-2024-24791	中危	1.20.14	1.21.12, 1.22.5	net/http: Denial of service due to improper 100-continue handling in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:a110afb89bab334d82fcdec3958fbabbbdab815ad0a7dcf408d44eb83a1d3787 发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17
stdlib	CVE-2024-34155	中危	1.20.14	1.22.7, 1.23.1	go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:a110afb89bab334d82fcdec3958fbabbbdab815ad0a7dcf408d44eb83a1d3787 发布日期: 2024-09-06 21:15 修改: 2024-11-04 17:35
stdlib	CVE-2024-34158	中危	1.20.14	1.22.7, 1.23.1	go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:a110afb89bab334d82fcdec3958fbabbbdab815ad0a7dcf408d44eb83a1d3787 发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35

opt/alist/alist (gobinary)

低危漏洞:2

中危漏洞:4

高危漏洞:3

严重漏洞:2

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
github.com/alist-org/alist/v3	CVE-2022-45969	严重	v1.0.0	3.6.0	Alist vulnerable to Path Traversal 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-45969 镜像层: sha256:3d53ba52f71e9b747df419f7f401ae47da3772b5846cf36857333931f0e180bf 发布日期: 2022-12-15 23:15 修改: 2022-12-20 03:33
golang.org/x/crypto	CVE-2024-45337	严重	v0.27.0	0.31.0	golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45337 镜像层: sha256:3d53ba52f71e9b747df419f7f401ae47da3772b5846cf36857333931f0e180bf 发布日期: 2024-12-12 02:02 修改: 2024-12-12 21:15
github.com/alist-org/alist/v3	CVE-2023-33498	高危	v1.0.0		alist Incorrect Access Control vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-33498 镜像层: sha256:3d53ba52f71e9b747df419f7f401ae47da3772b5846cf36857333931f0e180bf 发布日期: 2023-06-07 14:15 修改: 2025-01-07 16:15
github.com/alist-org/alist/v3	CVE-2022-45968	高危	v1.0.0	3.5.1	AList vulnerable to Improper Preservation of Permissions 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-45968 镜像层: sha256:3d53ba52f71e9b747df419f7f401ae47da3772b5846cf36857333931f0e180bf 发布日期: 2022-12-12 14:15 修改: 2022-12-14 19:11
golang.org/x/net	CVE-2024-45338	高危	v0.28.0	0.33.0	golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:3d53ba52f71e9b747df419f7f401ae47da3772b5846cf36857333931f0e180bf 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16
github.com/rclone/rclone	CVE-2024-52522	中危	v1.67.0	1.68.2	rclone: librclone: improper permission and ownership handling on symlink targets with --links and --metadata 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-52522 镜像层: sha256:3d53ba52f71e9b747df419f7f401ae47da3772b5846cf36857333931f0e180bf 发布日期: 2024-11-15 18:15 修改: 2024-11-18 17:11
github.com/alist-org/alist/v3	CVE-2022-45970	中危	v1.0.0		Alist Cross-site Scripting vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-45970 镜像层: sha256:3d53ba52f71e9b747df419f7f401ae47da3772b5846cf36857333931f0e180bf 发布日期: 2022-12-12 14:15 修改: 2022-12-14 19:11
github.com/alist-org/alist/v3	CVE-2024-47067	中危	v1.0.0	3.29.0	Alist reflected Cross-Site Scripting vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47067 镜像层: sha256:3d53ba52f71e9b747df419f7f401ae47da3772b5846cf36857333931f0e180bf 发布日期: 2024-09-30 16:15 修改: 2024-11-15 16:28
gopkg.in/square/go-jose.v2	CVE-2024-28180	中危	v2.6.0		jose-go: improper handling of highly compressed data 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28180 镜像层: sha256:3d53ba52f71e9b747df419f7f401ae47da3772b5846cf36857333931f0e180bf 发布日期: 2024-03-09 01:15 修改: 2024-06-12 02:15
github.com/disintegration/imaging	CVE-2023-36308	低危	v1.6.2		disintegration Imaging 1.6.2 allows attackers to cause a panic (becaus ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-36308 镜像层: sha256:3d53ba52f71e9b747df419f7f401ae47da3772b5846cf36857333931f0e180bf 发布日期: 2023-09-05 04:15 修改: 2024-08-02 17:16
github.com/golang-jwt/jwt/v4	CVE-2024-51744	低危	v4.5.0	4.5.1	golang-jwt: Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations in golang-jwt 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-51744 镜像层: sha256:5068433c6b0ec0e5bd9a4a5a454009de296bc5fa8cd77a50f76e5d7f2aea8edf 发布日期: 2024-11-04 22:15 修改: 2024-11-05 16:04