docker.io/binhex/arch-pycharm:2024.1.5-1-03 linux/amd64

docker.io/binhex/arch-pycharm:2024.1.5-1-03 - Trivy安全扫描结果 扫描时间: 2024-10-27 02:44
全部漏洞信息
低危漏洞:1 中危漏洞:9 高危漏洞:14 严重漏洞:4

系统OS: 扫描引擎: Trivy 扫描时间: 2024-10-27 02:44

Java (jar)
低危漏洞:0 中危漏洞:1 高危漏洞:2 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
com.google.protobuf:protobuf-java CVE-2024-7254 高危 3.24.4-jb.2 3.25.5, 4.27.5, 4.28.2 protobuf: StackOverflow vulnerability in Protocol Buffers

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7254

镜像层: sha256:669f4ee1b50ee5eb975cb2206968993d70b94a76d14dc2521360b1d855e1fc0f

发布日期: 2024-09-19 01:15 修改: 2024-09-20 12:30
commons-io:commons-io CVE-2024-47554 高危 2.8.0 2.14.0 apache-commons-io: Possible denial of service attack on untrusted input to XmlStreamReader

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47554

镜像层: sha256:669f4ee1b50ee5eb975cb2206968993d70b94a76d14dc2521360b1d855e1fc0f

发布日期: 2024-10-03 12:15 修改: 2024-10-04 13:50
io.netty:netty-codec-http CVE-2024-29025 中危 4.1.106.Final 4.1.108.Final netty-codec-http: Allocation of Resources Without Limits or Throttling

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29025

镜像层: sha256:669f4ee1b50ee5eb975cb2206968993d70b94a76d14dc2521360b1d855e1fc0f

发布日期: 2024-03-25 20:15 修改: 2024-06-21 22:15
Node.js (node-pkg)
低危漏洞:1 中危漏洞:3 高危漏洞:10 严重漏洞:3
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
handlebars CVE-2019-19919 严重 1.0.0 4.3.0, 3.0.8 nodejs-handlebars: prototype pollution leading to remote code execution via crafted payloads

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-19919

镜像层: sha256:669f4ee1b50ee5eb975cb2206968993d70b94a76d14dc2521360b1d855e1fc0f

发布日期: 2019-12-20 23:15 修改: 2022-06-03 18:48
handlebars CVE-2021-23369 严重 1.0.0 4.7.7 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23369

镜像层: sha256:669f4ee1b50ee5eb975cb2206968993d70b94a76d14dc2521360b1d855e1fc0f

发布日期: 2021-04-12 14:15 修改: 2021-06-08 13:54
handlebars CVE-2021-23383 严重 1.0.0 4.7.7 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23383

镜像层: sha256:669f4ee1b50ee5eb975cb2206968993d70b94a76d14dc2521360b1d855e1fc0f

发布日期: 2021-05-04 09:15 修改: 2021-12-03 19:59
diff GHSA-h6ch-v84p-w6p9 高危 1.0.0 3.5.0 Regular Expression Denial of Service (ReDoS)

漏洞详情: https://github.com/advisories/GHSA-h6ch-v84p-w6p9

镜像层: sha256:669f4ee1b50ee5eb975cb2206968993d70b94a76d14dc2521360b1d855e1fc0f

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
cmake NSWG-ECO-233 高危 0.0.17 <0.0.0 Downloads Resources over HTTP

漏洞详情:

镜像层: sha256:669f4ee1b50ee5eb975cb2206968993d70b94a76d14dc2521360b1d855e1fc0f

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
handlebars CVE-2019-20920 高危 1.0.0 3.0.8, 4.5.3 nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-20920

镜像层: sha256:669f4ee1b50ee5eb975cb2206968993d70b94a76d14dc2521360b1d855e1fc0f

发布日期: 2020-09-30 18:15 修改: 2020-10-15 17:35
handlebars GHSA-2cf5-4w76-r9qv 高危 1.0.0 3.0.8, 4.5.2 Arbitrary Code Execution in handlebars

漏洞详情: https://github.com/advisories/GHSA-2cf5-4w76-r9qv

镜像层: sha256:669f4ee1b50ee5eb975cb2206968993d70b94a76d14dc2521360b1d855e1fc0f

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
handlebars GHSA-g9r4-xpmj-mj65 高危 1.0.0 3.0.8, 4.5.3 Prototype Pollution in handlebars

漏洞详情: https://github.com/advisories/GHSA-g9r4-xpmj-mj65

镜像层: sha256:669f4ee1b50ee5eb975cb2206968993d70b94a76d14dc2521360b1d855e1fc0f

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
handlebars GHSA-q2c6-c6pm-g3gh 高危 1.0.0 3.0.8, 4.5.3 Arbitrary Code Execution in handlebars

漏洞详情: https://github.com/advisories/GHSA-q2c6-c6pm-g3gh

镜像层: sha256:669f4ee1b50ee5eb975cb2206968993d70b94a76d14dc2521360b1d855e1fc0f

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
handlebars GHSA-q42p-pg8m-cqh6 高危 1.0.0 4.1.2, 4.0.14, 3.0.7 Prototype Pollution in handlebars

漏洞详情: https://github.com/advisories/GHSA-q42p-pg8m-cqh6

镜像层: sha256:669f4ee1b50ee5eb975cb2206968993d70b94a76d14dc2521360b1d855e1fc0f

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
ini CVE-2020-7788 高危 1.0.0 1.3.6 nodejs-ini: Prototype pollution via malicious INI file

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7788

镜像层: sha256:669f4ee1b50ee5eb975cb2206968993d70b94a76d14dc2521360b1d855e1fc0f

发布日期: 2020-12-11 11:15 修改: 2022-12-02 19:40
json CVE-2020-7712 高危 1.0.0 10.0.0 trentm/json vulnerable to command injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7712

镜像层: sha256:669f4ee1b50ee5eb975cb2206968993d70b94a76d14dc2521360b1d855e1fc0f

发布日期: 2020-08-30 08:15 修改: 2023-11-07 03:26
pug CVE-2021-21353 高危 1.0.0 3.0.1 pug: user provided objects as input to pug templates can achieve remote code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-21353

镜像层: sha256:669f4ee1b50ee5eb975cb2206968993d70b94a76d14dc2521360b1d855e1fc0f

发布日期: 2021-03-03 02:15 修改: 2021-03-09 15:35
handlebars NSWG-ECO-519 中危 1.0.0 >=4.6.0 Denial of Service

漏洞详情: https://hackerone.com/reports/726364

镜像层: sha256:669f4ee1b50ee5eb975cb2206968993d70b94a76d14dc2521360b1d855e1fc0f

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
handlebars CVE-2015-8861 中危 1.0.0 >=4.0.0 The handlebars package before 4.0.0 for Node.js allows remote attacker ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2015-8861

镜像层: sha256:669f4ee1b50ee5eb975cb2206968993d70b94a76d14dc2521360b1d855e1fc0f

发布日期: 2017-01-23 21:59 修改: 2020-04-22 12:54
pug CVE-2024-36361 中危 1.0.0 3.0.3 Pug allows JavaScript code execution if an application accepts untrusted input

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-36361

镜像层: sha256:669f4ee1b50ee5eb975cb2206968993d70b94a76d14dc2521360b1d855e1fc0f

发布日期: 2024-05-24 06:15 修改: 2024-08-02 04:17
markdown GHSA-wx77-rp39-c6vg 低危 1.0.0 Regular Expression Denial of Service in markdown

漏洞详情: https://github.com/advisories/GHSA-wx77-rp39-c6vg

镜像层: sha256:669f4ee1b50ee5eb975cb2206968993d70b94a76d14dc2521360b1d855e1fc0f

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
Python (python-pkg)
低危漏洞:0 中危漏洞:1 高危漏洞:1 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
setuptools CVE-2024-6345 高危 69.5.1 70.0.0 pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6345

镜像层: sha256:669f4ee1b50ee5eb975cb2206968993d70b94a76d14dc2521360b1d855e1fc0f

发布日期: 2024-07-15 01:15 修改: 2024-07-15 13:00
cryptography GHSA-h4gh-qq45-vh27 中危 42.0.7 43.0.1 pyca/cryptography has a vulnerable OpenSSL included in cryptography wheels

漏洞详情: https://github.com/advisories/GHSA-h4gh-qq45-vh27

镜像层: sha256:669f4ee1b50ee5eb975cb2206968993d70b94a76d14dc2521360b1d855e1fc0f

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
usr/bin/captree (gobinary)
低危漏洞:0 中危漏洞:4 高危漏洞:1 严重漏洞:1
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
stdlib CVE-2024-24790 严重 1.22.3 1.21.11, 1.22.4 golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790

镜像层: sha256:b9ddf85ced8a6c751059771a9089f6a5063a1fe814f4f1e3b5cbd105fcfb0ea4

发布日期: 2024-06-05 16:15 修改: 2024-09-03 18:35
stdlib CVE-2024-34156 高危 1.22.3 1.22.7, 1.23.1 encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156

镜像层: sha256:b9ddf85ced8a6c751059771a9089f6a5063a1fe814f4f1e3b5cbd105fcfb0ea4

发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35
stdlib CVE-2024-24789 中危 1.22.3 1.21.11, 1.22.4 golang: archive/zip: Incorrect handling of certain ZIP files

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789

镜像层: sha256:b9ddf85ced8a6c751059771a9089f6a5063a1fe814f4f1e3b5cbd105fcfb0ea4

发布日期: 2024-06-05 16:15 修改: 2024-07-03 01:48
stdlib CVE-2024-24791 中危 1.22.3 1.21.12, 1.22.5 net/http: Denial of service due to improper 100-continue handling in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791

镜像层: sha256:b9ddf85ced8a6c751059771a9089f6a5063a1fe814f4f1e3b5cbd105fcfb0ea4

发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17
stdlib CVE-2024-34155 中危 1.22.3 1.22.7, 1.23.1 go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155

镜像层: sha256:b9ddf85ced8a6c751059771a9089f6a5063a1fe814f4f1e3b5cbd105fcfb0ea4

发布日期: 2024-09-06 21:15 修改: 2024-09-09 13:03
stdlib CVE-2024-34158 中危 1.22.3 1.22.7, 1.23.1 go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158

镜像层: sha256:b9ddf85ced8a6c751059771a9089f6a5063a1fe814f4f1e3b5cbd105fcfb0ea4

发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35