docker.io/diffblue/cover-cli:latest-jdk21 linux/amd64

docker.io/diffblue/cover-cli:latest-jdk21 - Trivy安全扫描结果 扫描时间: 2026-06-23 16:30
全部漏洞信息
低危漏洞:4 中危漏洞:24 高危漏洞:4 严重漏洞:0

系统OS: alpine 3.24.1 扫描引擎: Trivy 扫描时间: 2026-06-23 16:30

docker.io/diffblue/cover-cli:latest-jdk21 (alpine 3.24.1) (alpine)
低危漏洞:0 中危漏洞:0 高危漏洞:0 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
Java (jar)
低危漏洞:4 中危漏洞:24 高危漏洞:4 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
org.bouncycastle:bcpg-jdk18on CVE-2026-3505 高危 1.77 1.84 bouncycastle: BC-JAVA: unbounded PGP AEAD chunk size leads to pre-auth resource exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3505

镜像层: sha256:86d2490416ac51bed908bd132e063eaddd535c06d6175fb446a55f72882c76f8

发布日期: 2026-04-15 10:16 修改: 2026-05-19 00:16
org.codehaus.plexus:plexus-utils CVE-2025-67030 高危 3.5.1 4.0.3, 3.6.1 org.codehaus.plexus:plexus-utils: Plexus-utils: Directory Traversal in extractFile method

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-67030

镜像层: sha256:f0a2dd3664ee791195cb3867a701cd22d48a47c7c3c4d160a4411805fd189562

发布日期: 2026-03-25 18:16 修改: 2026-05-01 17:12
org.codehaus.plexus:plexus-utils CVE-2025-67030 高危 3.5.1 4.0.3, 3.6.1 org.codehaus.plexus:plexus-utils: Plexus-utils: Directory Traversal in extractFile method

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-67030

镜像层: sha256:bf4a15b601d920c0fb8a79900e513e54fd88a5c0fec6c00c4f9553900d869e47

发布日期: 2026-03-25 18:16 修改: 2026-05-01 17:12
org.codehaus.plexus:plexus-utils CVE-2025-67030 高危 3.5.1 4.0.3, 3.6.1 org.codehaus.plexus:plexus-utils: Plexus-utils: Directory Traversal in extractFile method

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-67030

镜像层: sha256:86d2490416ac51bed908bd132e063eaddd535c06d6175fb446a55f72882c76f8

发布日期: 2026-03-25 18:16 修改: 2026-05-01 17:12
com.fasterxml.jackson.core:jackson-core GHSA-72hv-8253-57qq 中危 2.16.1 2.21.1, 2.18.6 jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition

漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq

镜像层: sha256:86d2490416ac51bed908bd132e063eaddd535c06d6175fb446a55f72882c76f8

发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30
com.fasterxml.jackson.core:jackson-core GHSA-72hv-8253-57qq 中危 2.18.3 2.21.1, 2.18.6 jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition

漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq

镜像层: sha256:bf4a15b601d920c0fb8a79900e513e54fd88a5c0fec6c00c4f9553900d869e47

发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30
com.fasterxml.jackson.core:jackson-core GHSA-72hv-8253-57qq 中危 2.18.3 2.21.1, 2.18.6 jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition

漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq

镜像层: sha256:bf4a15b601d920c0fb8a79900e513e54fd88a5c0fec6c00c4f9553900d869e47

发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30
commons-lang:commons-lang CVE-2025-48924 中危 2.6 commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48924

镜像层: sha256:bf4a15b601d920c0fb8a79900e513e54fd88a5c0fec6c00c4f9553900d869e47

发布日期: 2025-07-11 15:15 修改: 2025-11-04 22:16
commons-lang:commons-lang CVE-2025-48924 中危 2.6 commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48924

镜像层: sha256:bf4a15b601d920c0fb8a79900e513e54fd88a5c0fec6c00c4f9553900d869e47

发布日期: 2025-07-11 15:15 修改: 2025-11-04 22:16
commons-lang:commons-lang CVE-2025-48924 中危 2.6 commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48924

镜像层: sha256:86d2490416ac51bed908bd132e063eaddd535c06d6175fb446a55f72882c76f8

发布日期: 2025-07-11 15:15 修改: 2025-11-04 22:16
net.i2p.crypto:eddsa CVE-2020-36843 中危 0.3.0 The implementation of EdDSA in EdDSA-Java (aka ed25519-java) through 0 ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36843

镜像层: sha256:86d2490416ac51bed908bd132e063eaddd535c06d6175fb446a55f72882c76f8

发布日期: 2025-03-13 06:15 修改: 2026-04-15 00:35
org.apache.commons:commons-lang3 CVE-2025-48924 中危 3.11 3.18.0 commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48924

镜像层: sha256:bf4a15b601d920c0fb8a79900e513e54fd88a5c0fec6c00c4f9553900d869e47

发布日期: 2025-07-11 15:15 修改: 2025-11-04 22:16
org.apache.commons:commons-lang3 CVE-2025-48924 中危 3.11 3.18.0 commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48924

镜像层: sha256:bf4a15b601d920c0fb8a79900e513e54fd88a5c0fec6c00c4f9553900d869e47

发布日期: 2025-07-11 15:15 修改: 2025-11-04 22:16
org.apache.commons:commons-lang3 CVE-2025-48924 中危 3.14.0 3.18.0 commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48924

镜像层: sha256:f0a2dd3664ee791195cb3867a701cd22d48a47c7c3c4d160a4411805fd189562

发布日期: 2025-07-11 15:15 修改: 2025-11-04 22:16
org.apache.commons:commons-lang3 CVE-2025-48924 中危 3.14.0 3.18.0 commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48924

镜像层: sha256:86d2490416ac51bed908bd132e063eaddd535c06d6175fb446a55f72882c76f8

发布日期: 2025-07-11 15:15 修改: 2025-11-04 22:16
ch.qos.logback:logback-core CVE-2024-12798 中危 1.2.13 1.5.13, 1.3.15 logback-core: arbitrary code execution via JaninoEventEvaluator

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12798

镜像层: sha256:bf4a15b601d920c0fb8a79900e513e54fd88a5c0fec6c00c4f9553900d869e47

发布日期: 2024-12-19 16:15 修改: 2026-04-15 00:35
org.bouncycastle:bcprov-jdk18on CVE-2024-29857 中危 1.77 1.78 org.bouncycastle: Importing an EC certificate with crafted F2m parameters may lead to Denial of Service

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29857

镜像层: sha256:86d2490416ac51bed908bd132e063eaddd535c06d6175fb446a55f72882c76f8

发布日期: 2024-05-14 15:17 修改: 2026-04-15 00:35
org.bouncycastle:bcprov-jdk18on CVE-2024-30171 中危 1.77 1.78 bc-java: BouncyCastle vulnerable to a timing variant of Bleichenbacher (Marvin Attack)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-30171

镜像层: sha256:86d2490416ac51bed908bd132e063eaddd535c06d6175fb446a55f72882c76f8

发布日期: 2024-05-14 15:21 修改: 2026-04-15 00:35
org.bouncycastle:bcprov-jdk18on CVE-2024-30172 中危 1.77 1.78 org.bouncycastle:bcprov-jdk18on: Infinite loop in ED25519 verification in the ScalarUtil class

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-30172

镜像层: sha256:86d2490416ac51bed908bd132e063eaddd535c06d6175fb446a55f72882c76f8

发布日期: 2024-05-14 15:21 修改: 2026-04-15 00:35
org.bouncycastle:bcprov-jdk18on CVE-2024-34447 中危 1.77 1.78 org.bouncycastle: Use of Incorrectly-Resolved Name or Reference

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34447

镜像层: sha256:86d2490416ac51bed908bd132e063eaddd535c06d6175fb446a55f72882c76f8

发布日期: 2024-05-03 16:15 修改: 2026-04-15 00:35
org.bouncycastle:bcprov-jdk18on CVE-2025-8885 中危 1.77 1.78 bouncycastle: Bouncy Castle denial of service parsing ASN.1 Object Identifiers

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-8885

镜像层: sha256:86d2490416ac51bed908bd132e063eaddd535c06d6175fb446a55f72882c76f8

发布日期: 2025-08-12 10:15 修改: 2026-04-15 00:35
org.bouncycastle:bcprov-jdk18on CVE-2026-0636 中危 1.77 1.84 bouncycastle: BC-JAVA: LDAP injection vulnerability in LDAPStoreHelper.java

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0636

镜像层: sha256:86d2490416ac51bed908bd132e063eaddd535c06d6175fb446a55f72882c76f8

发布日期: 2026-04-15 10:16 修改: 2026-05-19 00:16
ch.qos.logback:logback-core CVE-2024-12798 中危 1.2.13 1.5.13, 1.3.15 logback-core: arbitrary code execution via JaninoEventEvaluator

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12798

镜像层: sha256:bf4a15b601d920c0fb8a79900e513e54fd88a5c0fec6c00c4f9553900d869e47

发布日期: 2024-12-19 16:15 修改: 2026-04-15 00:35
ch.qos.logback:logback-core CVE-2025-11226 中危 1.2.13 1.5.19, 1.3.16 ch.qos.logback/logback-core: Conditional abitrary code execution in logback-core

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-11226

镜像层: sha256:bf4a15b601d920c0fb8a79900e513e54fd88a5c0fec6c00c4f9553900d869e47

发布日期: 2025-10-01 08:15 修改: 2026-04-15 00:35
ch.qos.logback:logback-core CVE-2025-11226 中危 1.2.13 1.5.19, 1.3.16 ch.qos.logback/logback-core: Conditional abitrary code execution in logback-core

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-11226

镜像层: sha256:bf4a15b601d920c0fb8a79900e513e54fd88a5c0fec6c00c4f9553900d869e47

发布日期: 2025-10-01 08:15 修改: 2026-04-15 00:35
org.eclipse.jgit:org.eclipse.jgit CVE-2025-4949 中危 5.13.3.202401111512-r 7.2.1.202505142326-r, 7.1.1.202505221757-r, 7.0.1.202505221510-r, 6.10.1.202505221210-r, 6.0.0.202111291000-r, 5.13.4.202507202350-r org.eclipse.jgit: XXE vulnerability in Eclipse JGit

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4949

镜像层: sha256:bf4a15b601d920c0fb8a79900e513e54fd88a5c0fec6c00c4f9553900d869e47

发布日期: 2025-05-21 07:16 修改: 2026-01-05 18:11
org.eclipse.jgit:org.eclipse.jgit CVE-2025-4949 中危 5.13.3.202401111512-r 7.2.1.202505142326-r, 7.1.1.202505221757-r, 7.0.1.202505221510-r, 6.10.1.202505221210-r, 6.0.0.202111291000-r, 5.13.4.202507202350-r org.eclipse.jgit: XXE vulnerability in Eclipse JGit

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4949

镜像层: sha256:bf4a15b601d920c0fb8a79900e513e54fd88a5c0fec6c00c4f9553900d869e47

发布日期: 2025-05-21 07:16 修改: 2026-01-05 18:11
org.eclipse.jgit:org.eclipse.jgit CVE-2025-4949 中危 5.13.3.202401111512-r 7.2.1.202505142326-r, 7.1.1.202505221757-r, 7.0.1.202505221510-r, 6.10.1.202505221210-r, 6.0.0.202111291000-r, 5.13.4.202507202350-r org.eclipse.jgit: XXE vulnerability in Eclipse JGit

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4949

镜像层: sha256:86d2490416ac51bed908bd132e063eaddd535c06d6175fb446a55f72882c76f8

发布日期: 2025-05-21 07:16 修改: 2026-01-05 18:11
ch.qos.logback:logback-core CVE-2024-12801 低危 1.2.13 1.5.13, 1.3.15 logback-core: SaxEventRecorder vulnerable to Server-Side Request Forgery (SSRF) attacks

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12801

镜像层: sha256:bf4a15b601d920c0fb8a79900e513e54fd88a5c0fec6c00c4f9553900d869e47

发布日期: 2024-12-19 17:15 修改: 2026-04-15 00:35
ch.qos.logback:logback-core CVE-2024-12801 低危 1.2.13 1.5.13, 1.3.15 logback-core: SaxEventRecorder vulnerable to Server-Side Request Forgery (SSRF) attacks

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12801

镜像层: sha256:bf4a15b601d920c0fb8a79900e513e54fd88a5c0fec6c00c4f9553900d869e47

发布日期: 2024-12-19 17:15 修改: 2026-04-15 00:35
ch.qos.logback:logback-core CVE-2026-1225 低危 1.2.13 1.5.25 ch.qos.logback/logback-core: Malicious logback.xml configuration file allows instantiation of arbitrary classes

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1225

镜像层: sha256:bf4a15b601d920c0fb8a79900e513e54fd88a5c0fec6c00c4f9553900d869e47

发布日期: 2026-01-22 10:16 修改: 2026-04-15 00:35
ch.qos.logback:logback-core CVE-2026-1225 低危 1.2.13 1.5.25 ch.qos.logback/logback-core: Malicious logback.xml configuration file allows instantiation of arbitrary classes

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1225

镜像层: sha256:bf4a15b601d920c0fb8a79900e513e54fd88a5c0fec6c00c4f9553900d869e47

发布日期: 2026-01-22 10:16 修改: 2026-04-15 00:35
检测到您正在使用广告拦截插件,本站为公益站点,依赖广告维持运转 🙏 查看如何关闭 ×