docker.io/foamzou/melody:latest linux/amd64

docker.io/foamzou/melody:latest - Trivy安全扫描结果 扫描时间: 2025-01-07 10:21
全部漏洞信息
低危漏洞:5 中危漏洞:13 高危漏洞:9 严重漏洞:3

系统OS: alpine 3.16.6 扫描引擎: Trivy 扫描时间: 2025-01-07 10:21

docker.io/foamzou/melody:latest (alpine 3.16.6) (alpine)
低危漏洞:0 中危漏洞:9 高危漏洞:4 严重漏洞:1
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
nodejs CVE-2023-32002 严重 16.20.1-r0 16.20.2-r0 nodejs: Permissions policies can be bypassed via Module._load

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-32002

镜像层: sha256:3598b7c7cac6f0bfded0e478c43ec6da7deb2c6169953637b775b49331559f14

发布日期: 2023-08-21 17:15 修改: 2024-10-07 19:36
nghttp2-libs CVE-2023-44487 高危 1.47.0-r0 1.47.0-r2 HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487

镜像层: sha256:3598b7c7cac6f0bfded0e478c43ec6da7deb2c6169953637b775b49331559f14

发布日期: 2023-10-10 14:15 修改: 2024-12-20 17:40
nghttp2-libs CVE-2023-35945 高危 1.47.0-r0 1.47.0-r1 envoy: HTTP/2 memory leak in nghttp2 codec

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-35945

镜像层: sha256:3598b7c7cac6f0bfded0e478c43ec6da7deb2c6169953637b775b49331559f14

发布日期: 2023-07-13 21:15 修改: 2023-10-24 17:26
nodejs CVE-2023-32006 高危 16.20.1-r0 16.20.2-r0 nodejs: Permissions policies can impersonate other modules in using module.constructor.createRequire()

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-32006

镜像层: sha256:3598b7c7cac6f0bfded0e478c43ec6da7deb2c6169953637b775b49331559f14

发布日期: 2023-08-15 16:15 修改: 2023-09-15 14:15
nodejs CVE-2023-32559 高危 16.20.1-r0 16.20.2-r0 nodejs: Permissions policies can be bypassed via process.binding

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-32559

镜像层: sha256:3598b7c7cac6f0bfded0e478c43ec6da7deb2c6169953637b775b49331559f14

发布日期: 2023-08-24 02:15 修改: 2024-10-03 14:35
libssl1.1 CVE-2023-3446 中危 1.1.1u-r1 1.1.1u-r2 openssl: Excessive time spent checking DH keys and parameters

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3446

镜像层: sha256:18eb8b5891f2056b0a6c9978359916a519e8fdeec08c13c6383b922cd15fcfb2

发布日期: 2023-07-19 12:15 修改: 2024-10-14 15:15
libssl1.1 CVE-2023-3817 中危 1.1.1u-r1 1.1.1v-r0 OpenSSL: Excessive time spent checking DH q parameter value

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3817

镜像层: sha256:18eb8b5891f2056b0a6c9978359916a519e8fdeec08c13c6383b922cd15fcfb2

发布日期: 2023-07-31 16:15 修改: 2024-10-14 15:15
libssl1.1 CVE-2023-5678 中危 1.1.1u-r1 1.1.1w-r1 openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-5678

镜像层: sha256:18eb8b5891f2056b0a6c9978359916a519e8fdeec08c13c6383b922cd15fcfb2

发布日期: 2023-11-06 16:15 修改: 2024-10-14 15:15
busybox CVE-2023-42366 中危 1.35.0-r17 1.35.0-r18 busybox: A heap-buffer-overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42366

镜像层: sha256:18eb8b5891f2056b0a6c9978359916a519e8fdeec08c13c6383b922cd15fcfb2

发布日期: 2023-11-27 23:15 修改: 2024-12-06 14:15
c-ares CVE-2024-25629 中危 1.19.1-r0 1.19.1-r1 c-ares: Out of bounds read in ares__read_line()

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-25629

镜像层: sha256:3598b7c7cac6f0bfded0e478c43ec6da7deb2c6169953637b775b49331559f14

发布日期: 2024-02-23 15:15 修改: 2024-04-19 23:15
libcrypto1.1 CVE-2023-3446 中危 1.1.1u-r1 1.1.1u-r2 openssl: Excessive time spent checking DH keys and parameters

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3446

镜像层: sha256:18eb8b5891f2056b0a6c9978359916a519e8fdeec08c13c6383b922cd15fcfb2

发布日期: 2023-07-19 12:15 修改: 2024-10-14 15:15
libcrypto1.1 CVE-2023-3817 中危 1.1.1u-r1 1.1.1v-r0 OpenSSL: Excessive time spent checking DH q parameter value

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3817

镜像层: sha256:18eb8b5891f2056b0a6c9978359916a519e8fdeec08c13c6383b922cd15fcfb2

发布日期: 2023-07-31 16:15 修改: 2024-10-14 15:15
libcrypto1.1 CVE-2023-5678 中危 1.1.1u-r1 1.1.1w-r1 openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-5678

镜像层: sha256:18eb8b5891f2056b0a6c9978359916a519e8fdeec08c13c6383b922cd15fcfb2

发布日期: 2023-11-06 16:15 修改: 2024-10-14 15:15
ssl_client CVE-2023-42366 中危 1.35.0-r17 1.35.0-r18 busybox: A heap-buffer-overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42366

镜像层: sha256:18eb8b5891f2056b0a6c9978359916a519e8fdeec08c13c6383b922cd15fcfb2

发布日期: 2023-11-27 23:15 修改: 2024-12-06 14:15
Node.js (node-pkg)
低危漏洞:5 中危漏洞:4 高危漏洞:5 严重漏洞:2
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
vm2 CVE-2023-37466 严重 3.9.19 vm2: Promise handler sanitization can be bypassed allowing attackers to escape the sandbox and run arbitrary code

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-37466

镜像层: sha256:b88de1c91efe60b103baaa89928795704fa750fbe8e0818af683be6b267591c6

发布日期: 2023-07-14 00:15 修改: 2024-02-01 14:05
vm2 CVE-2023-37903 严重 3.9.19 vm2: custom inspect function allows attackers to escape the sandbox and run arbitrary code

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-37903

镜像层: sha256:b88de1c91efe60b103baaa89928795704fa750fbe8e0818af683be6b267591c6

发布日期: 2023-07-21 20:15 修改: 2024-02-01 13:46
ip CVE-2024-29415 高危 2.0.0 node-ip: Incomplete fix for CVE-2023-42282

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29415

镜像层: sha256:3598b7c7cac6f0bfded0e478c43ec6da7deb2c6169953637b775b49331559f14

发布日期: 2024-05-27 20:15 修改: 2024-08-16 14:35
path-to-regexp CVE-2024-45296 高危 0.1.7 1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0 path-to-regexp: Backtracking regular expressions cause ReDoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45296

镜像层: sha256:b88de1c91efe60b103baaa89928795704fa750fbe8e0818af683be6b267591c6

发布日期: 2024-09-09 19:15 修改: 2024-09-10 12:09
pnpm CVE-2023-37478 高危 8.6.3 7.33.4, 8.6.8 pnpm incorrectly parses tar archives relative to specification

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-37478

镜像层: sha256:3598b7c7cac6f0bfded0e478c43ec6da7deb2c6169953637b775b49331559f14

发布日期: 2023-08-01 12:15 修改: 2023-08-04 17:44
body-parser CVE-2024-45590 高危 1.20.2 1.20.3 body-parser: Denial of Service Vulnerability in body-parser

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45590

镜像层: sha256:b88de1c91efe60b103baaa89928795704fa750fbe8e0818af683be6b267591c6

发布日期: 2024-09-10 16:15 修改: 2024-09-20 16:26
ip CVE-2024-29415 高危 1.1.9 node-ip: Incomplete fix for CVE-2023-42282

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29415

镜像层: sha256:b88de1c91efe60b103baaa89928795704fa750fbe8e0818af683be6b267591c6

发布日期: 2024-05-27 20:15 修改: 2024-08-16 14:35
pnpm CVE-2024-53866 中危 8.6.3 9.15.0 pnpm no-script global cache poisoning via overrides / `ignore-scripts` evasion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-53866

镜像层: sha256:3598b7c7cac6f0bfded0e478c43ec6da7deb2c6169953637b775b49331559f14

发布日期: 2024-12-10 18:15 修改: 2024-12-10 18:15
tar CVE-2024-28863 中危 6.1.15 6.2.1 node-tar: denial of service while parsing a tar file due to lack of folders depth validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28863

镜像层: sha256:3598b7c7cac6f0bfded0e478c43ec6da7deb2c6169953637b775b49331559f14

发布日期: 2024-03-21 23:15 修改: 2024-06-10 17:16
path-to-regexp CVE-2024-52798 中危 0.1.7 0.1.12 path-to-regexp: path-to-regexp Unpatched `path-to-regexp` ReDoS in 0.1.x

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-52798

镜像层: sha256:b88de1c91efe60b103baaa89928795704fa750fbe8e0818af683be6b267591c6

发布日期: 2024-12-05 23:15 修改: 2024-12-05 23:15
axios CVE-2023-45857 中危 0.24.0 1.6.0, 0.28.0 axios: exposure of confidential data stored in cookies

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45857

镜像层: sha256:b88de1c91efe60b103baaa89928795704fa750fbe8e0818af683be6b267591c6

发布日期: 2023-11-08 21:15 修改: 2024-06-21 19:15
send CVE-2024-43799 低危 0.18.0 0.19.0 send: Code Execution Vulnerability in Send Library

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-43799

镜像层: sha256:b88de1c91efe60b103baaa89928795704fa750fbe8e0818af683be6b267591c6

发布日期: 2024-09-10 15:15 修改: 2024-09-20 16:57
serve-static CVE-2024-43800 低危 1.15.0 1.16.0, 2.1.0 serve-static: Improper Sanitization in serve-static

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-43800

镜像层: sha256:b88de1c91efe60b103baaa89928795704fa750fbe8e0818af683be6b267591c6

发布日期: 2024-09-10 15:15 修改: 2024-09-20 17:36
express CVE-2024-43796 低危 4.19.2 4.20.0, 5.0.0 express: Improper Input Handling in Express Redirects

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-43796

镜像层: sha256:b88de1c91efe60b103baaa89928795704fa750fbe8e0818af683be6b267591c6

发布日期: 2024-09-10 15:15 修改: 2024-09-20 16:07
ip CVE-2023-42282 低危 2.0.0 2.0.1, 1.1.9 nodejs-ip: arbitrary code execution via the isPublic() function

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42282

镜像层: sha256:3598b7c7cac6f0bfded0e478c43ec6da7deb2c6169953637b775b49331559f14

发布日期: 2024-02-08 17:15 修改: 2024-10-09 15:14
cookie CVE-2024-47764 低危 0.6.0 0.7.0 cookie: cookie accepts cookie name, path, and domain with out of bounds characters

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47764

镜像层: sha256:b88de1c91efe60b103baaa89928795704fa750fbe8e0818af683be6b267591c6

发布日期: 2024-10-04 20:15 修改: 2024-10-07 17:48