docker.io/gitea/gitea:1.22.3 - Trivy镜像安全扫描结果

全部漏洞信息

低危漏洞:5

中危漏洞:1

高危漏洞:0

严重漏洞:0

系统OS: alpine 3.20.3 扫描引擎: Trivy 扫描时间: 2024-11-09 10:48

docker.io/gitea/gitea:1.22.3 (alpine 3.20.3) (alpine)

低危漏洞:4

中危漏洞:1

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
libexpat	CVE-2024-50602	中危	2.6.3-r0	2.6.4-r0	libexpat: expat: DoS via XML_ResumeParser 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-50602 镜像层: sha256:0fb6565ccabbc29a018f127012008ea4844573fc383184a8c68f93531cc0f0db 发布日期: 2024-10-27 05:15 修改: 2024-10-30 18:35
libcrypto3	CVE-2024-9143	低危	3.3.2-r0	3.3.2-r1	openssl: Low-level invalid GF(2^m) parameters lead to OOB memory access 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9143 镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85 发布日期: 2024-10-16 17:15 修改: 2024-11-08 16:35
libcurl	CVE-2024-9681	低危	8.10.1-r0	8.11.0-r0	When curl is asked to use HSTS, the expiry time for a subdomain might ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9681 镜像层: sha256:0fb6565ccabbc29a018f127012008ea4844573fc383184a8c68f93531cc0f0db 发布日期: 2024-11-06 08:15 修改: 2024-11-06 18:17
curl	CVE-2024-9681	低危	8.10.1-r0	8.11.0-r0	When curl is asked to use HSTS, the expiry time for a subdomain might ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9681 镜像层: sha256:0fb6565ccabbc29a018f127012008ea4844573fc383184a8c68f93531cc0f0db 发布日期: 2024-11-06 08:15 修改: 2024-11-06 18:17
libssl3	CVE-2024-9143	低危	3.3.2-r0	3.3.2-r1	openssl: Low-level invalid GF(2^m) parameters lead to OOB memory access 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9143 镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85 发布日期: 2024-10-16 17:15 修改: 2024-11-08 16:35

app/gitea/gitea (gobinary)

低危漏洞:1

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
github.com/golang-jwt/jwt/v4	CVE-2024-51744	低危	v4.5.0	4.5.1	golang-jwt: Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations in golang-jwt 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-51744 镜像层: sha256:44e1a578736ad2d8e63d55ab165fd5a191a1569c97d49803e2bbd2c44a268f35 发布日期: 2024-11-04 22:15 修改: 2024-11-05 16:04

软件包

漏洞

安全状态

安装版本

修复版本

漏洞信息

github.com/golang-jwt/jwt/v4

CVE-2024-51744

低危

v4.5.0

4.5.1

golang-jwt: Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations in golang-jwt

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-51744

镜像层: sha256:44e1a578736ad2d8e63d55ab165fd5a191a1569c97d49803e2bbd2c44a268f35

发布日期: 2024-11-04 22:15 修改: 2024-11-05 16:04

usr/local/bin/environment-to-ini (gobinary)

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

docker.io/gitea/gitea:1.22.3 linux/amd64

全部漏洞信息

docker.io/gitea/gitea:1.22.3 (alpine 3.20.3) (alpine)

app/gitea/gitea (gobinary)

usr/local/bin/environment-to-ini (gobinary)