docker.io/calico/apiserver:v3.26.5 - Trivy镜像安全扫描结果

全部漏洞信息

低危漏洞:1

中危漏洞:4

高危漏洞:6

严重漏洞:1

系统OS: 扫描引擎: Trivy 扫描时间: 2024-12-25 19:34

code/apiserver (gobinary)

低危漏洞:1

中危漏洞:2

高危漏洞:5

严重漏洞:1

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
golang.org/x/crypto	CVE-2024-45337	严重	v0.25.0	0.31.0	golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45337 镜像层: sha256:17ea4dad13e07084461e6c1542bae848933d2d7b1fa7bb0f0e82dc23a942879e 发布日期: 2024-12-12 02:02 修改: 2024-12-12 21:15
golang.org/x/net	CVE-2024-45338	高危	v0.27.0	0.33.0	golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:17ea4dad13e07084461e6c1542bae848933d2d7b1fa7bb0f0e82dc23a942879e 发布日期: 2024-12-18 21:15 修改: 2024-12-18 21:15
k8s.io/kubernetes	CVE-2024-0793	高危	v1.26.15	1.27.0-alpha.1	kube-controller-manager: malformed HPA v1 manifest causes crash 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0793 镜像层: sha256:17ea4dad13e07084461e6c1542bae848933d2d7b1fa7bb0f0e82dc23a942879e 发布日期: 2024-11-17 11:15 修改: 2024-11-18 17:11
k8s.io/kubernetes	CVE-2024-10220	高危	v1.26.15	1.28.12, 1.29.7, 1.30.3	kubernetes: Arbitrary command execution through gitRepo volume 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-10220 镜像层: sha256:17ea4dad13e07084461e6c1542bae848933d2d7b1fa7bb0f0e82dc23a942879e 发布日期: 2024-11-22 17:15 修改: 2024-11-22 17:15
k8s.io/kubernetes	CVE-2024-5321	高危	v1.26.15	1.27.16, 1.28.12, 1.29.7, 1.30.3	kubelet: Incorrect permissions on Windows containers logs 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-5321 镜像层: sha256:17ea4dad13e07084461e6c1542bae848933d2d7b1fa7bb0f0e82dc23a942879e 发布日期: 2024-07-18 19:15 修改: 2024-07-19 13:01
stdlib	CVE-2024-34156	高危	1.21.13	1.22.7, 1.23.1	encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:17ea4dad13e07084461e6c1542bae848933d2d7b1fa7bb0f0e82dc23a942879e 发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35
stdlib	CVE-2024-34155	中危	1.21.13	1.22.7, 1.23.1	go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:17ea4dad13e07084461e6c1542bae848933d2d7b1fa7bb0f0e82dc23a942879e 发布日期: 2024-09-06 21:15 修改: 2024-11-04 17:35
stdlib	CVE-2024-34158	中危	1.21.13	1.22.7, 1.23.1	go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:17ea4dad13e07084461e6c1542bae848933d2d7b1fa7bb0f0e82dc23a942879e 发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35
k8s.io/kubernetes	CVE-2024-3177	低危	v1.26.15	1.27.13, 1.29.4, 1.28.9	kubernetes: kube-apiserver: bypassing mountable secrets policy imposed by the ServiceAccount admission plugin 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-3177 镜像层: sha256:17ea4dad13e07084461e6c1542bae848933d2d7b1fa7bb0f0e82dc23a942879e 发布日期: 2024-04-22 23:15 修改: 2024-09-10 21:15

code/filecheck (gobinary)

低危漏洞:0

中危漏洞:2

高危漏洞:1

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
stdlib	CVE-2024-34156	高危	1.21.13	1.22.7, 1.23.1	encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:f77fca44f086d992699f8d84155bece607ae9334b20543e6db689bb565839cc4 发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35
stdlib	CVE-2024-34155	中危	1.21.13	1.22.7, 1.23.1	go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:f77fca44f086d992699f8d84155bece607ae9334b20543e6db689bb565839cc4 发布日期: 2024-09-06 21:15 修改: 2024-11-04 17:35
stdlib	CVE-2024-34158	中危	1.21.13	1.22.7, 1.23.1	go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:f77fca44f086d992699f8d84155bece607ae9334b20543e6db689bb565839cc4 发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35

软件包

漏洞

安全状态

安装版本

修复版本

漏洞信息

stdlib

CVE-2024-34156

高危

1.21.13

1.22.7, 1.23.1

encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion