docker.io/grafana/loki:3.7.2 linux/amd64

docker.io/grafana/loki:3.7.2 - Trivy安全扫描结果扫描时间: 2026-06-09 17:37

全部漏洞信息

低危漏洞:0

中危漏洞:3

高危漏洞:12

严重漏洞:0

系统OS: debian 13.4 扫描引擎: Trivy 扫描时间: 2026-06-09 17:37

docker.io/grafana/loki:3.7.2 (debian 13.4) (debian)

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

usr/bin/loki (gobinary)

低危漏洞:0

中危漏洞:3

高危漏洞:12

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
github.com/apache/thrift	CVE-2026-41602	高危	v0.22.0	0.23.0	github.com/apache/thrift: Apache Thrift: Integer Overflow in TFramedTransport Go implementation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41602 镜像层: sha256:d2eb34759aeb039b64ccf8feccf2d15dbeb15f3a090212a6fc0de7e998343951 发布日期: 2026-04-28 10:16 修改: 2026-04-28 18:40
github.com/prometheus/prometheus	CVE-2026-42151	高危	v0.311.2-0.20260410083055-07c6232d159b	0.311.3	github.com/prometheus/prometheus: Prometheus: Information disclosure of Azure OAuth client secret via config API 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42151 镜像层: sha256:d2eb34759aeb039b64ccf8feccf2d15dbeb15f3a090212a6fc0de7e998343951 发布日期: 2026-05-04 19:16 修改: 2026-05-11 17:22
github.com/prometheus/prometheus	CVE-2026-42154	高危	v0.311.2-0.20260410083055-07c6232d159b	0.311.3, 0.305.2	github.com/prometheus/prometheus: Prometheus: Denial of Service via uncontrolled memory allocation in remote read endpoint 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42154 镜像层: sha256:d2eb34759aeb039b64ccf8feccf2d15dbeb15f3a090212a6fc0de7e998343951 发布日期: 2026-05-04 19:16 修改: 2026-05-11 17:22
stdlib	CVE-2026-33811	高危	v1.26.2	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:d2eb34759aeb039b64ccf8feccf2d15dbeb15f3a090212a6fc0de7e998343951 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.26.2	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:d2eb34759aeb039b64ccf8feccf2d15dbeb15f3a090212a6fc0de7e998343951 发布日期: 2026-05-07 20:16 修改: 2026-05-13 14:41
stdlib	CVE-2026-39820	高危	v1.26.2	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:d2eb34759aeb039b64ccf8feccf2d15dbeb15f3a090212a6fc0de7e998343951 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:10
stdlib	CVE-2026-39823	高危	v1.26.2	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:d2eb34759aeb039b64ccf8feccf2d15dbeb15f3a090212a6fc0de7e998343951 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39825	高危	v1.26.2	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:d2eb34759aeb039b64ccf8feccf2d15dbeb15f3a090212a6fc0de7e998343951 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39826	高危	v1.26.2	1.25.10, 1.26.3	If a trusted template author were to write a <script> tag containing a ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:d2eb34759aeb039b64ccf8feccf2d15dbeb15f3a090212a6fc0de7e998343951 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-39836	高危	v1.26.2	1.25.10, 1.26.3	ELSA-2026-22112: go-toolset:ol8 security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:d2eb34759aeb039b64ccf8feccf2d15dbeb15f3a090212a6fc0de7e998343951 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:11
stdlib	CVE-2026-42499	高危	v1.26.2	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:d2eb34759aeb039b64ccf8feccf2d15dbeb15f3a090212a6fc0de7e998343951 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42504	高危	v1.26.2	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:d2eb34759aeb039b64ccf8feccf2d15dbeb15f3a090212a6fc0de7e998343951 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
github.com/prometheus/prometheus	CVE-2026-44903	中危	v0.311.2-0.20260410083055-07c6232d159b	0.311.3	Prometheus is an open-source monitoring system and time series databas ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44903 镜像层: sha256:d2eb34759aeb039b64ccf8feccf2d15dbeb15f3a090212a6fc0de7e998343951 发布日期: 2026-05-26 22:16 修改: 2026-06-05 17:18
stdlib	CVE-2026-27145	中危	v1.26.2	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:d2eb34759aeb039b64ccf8feccf2d15dbeb15f3a090212a6fc0de7e998343951 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-42507	中危	v1.26.2	1.25.11, 1.26.4	When returning errors, functions in the net/textproto package would in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:d2eb34759aeb039b64ccf8feccf2d15dbeb15f3a090212a6fc0de7e998343951 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15