docker.io/harness/gitness:latest linux/amd64

docker.io/harness/gitness:latest - Trivy安全扫描结果扫描时间: 2024-11-15 14:36

全部漏洞信息

低危漏洞:6

中危漏洞:30

高危漏洞:13

严重漏洞:4

系统OS: alpine 3.19.1 扫描引擎: Trivy 扫描时间: 2024-11-15 14:36

docker.io/harness/gitness:latest (alpine 3.19.1) (alpine)

低危漏洞:6

中危漏洞:26

高危漏洞:12

严重漏洞:3

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
git	CVE-2024-32002	严重	2.43.0-r0	2.43.4-r0	git: Recursive clones RCE 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-32002 镜像层: sha256:4112e4b0d2bc82cc5d8e434a6d93debc237e6f788b80ec3a69de8b724daafeb5 发布日期: 2024-05-14 19:15 修改: 2024-06-26 10:15
libexpat	CVE-2024-45491	严重	2.6.2-r0	2.6.3-r0	libexpat: Integer Overflow or Wraparound 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45491 镜像层: sha256:4112e4b0d2bc82cc5d8e434a6d93debc237e6f788b80ec3a69de8b724daafeb5 发布日期: 2024-08-30 03:15 修改: 2024-09-04 14:28
libexpat	CVE-2024-45492	严重	2.6.2-r0	2.6.3-r0	libexpat: integer overflow 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45492 镜像层: sha256:4112e4b0d2bc82cc5d8e434a6d93debc237e6f788b80ec3a69de8b724daafeb5 发布日期: 2024-08-30 03:15 修改: 2024-09-04 14:28
libcurl	CVE-2024-2398	高危	8.5.0-r0	8.7.1-r0	curl: HTTP/2 push headers memory-leak 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2398 镜像层: sha256:4112e4b0d2bc82cc5d8e434a6d93debc237e6f788b80ec3a69de8b724daafeb5 发布日期: 2024-03-27 08:15 修改: 2024-07-30 02:15
libcurl	CVE-2024-6197	高危	8.5.0-r0	8.9.0-r0	curl: freeing stack buffer in utf8asn1str 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6197 镜像层: sha256:4112e4b0d2bc82cc5d8e434a6d93debc237e6f788b80ec3a69de8b724daafeb5 发布日期: 2024-07-24 08:15 修改: 2024-08-26 15:25
git	CVE-2024-32004	高危	2.43.0-r0	2.43.4-r0	git: RCE while cloning local repos 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-32004 镜像层: sha256:4112e4b0d2bc82cc5d8e434a6d93debc237e6f788b80ec3a69de8b724daafeb5 发布日期: 2024-05-14 19:15 修改: 2024-06-26 10:15
git	CVE-2024-32465	高危	2.43.0-r0	2.43.4-r0	git: additional local RCE 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-32465 镜像层: sha256:4112e4b0d2bc82cc5d8e434a6d93debc237e6f788b80ec3a69de8b724daafeb5 发布日期: 2024-05-14 20:15 修改: 2024-06-26 10:15
libexpat	CVE-2024-45490	高危	2.6.2-r0	2.6.3-r0	libexpat: Negative Length Parsing Vulnerability in libexpat 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45490 镜像层: sha256:4112e4b0d2bc82cc5d8e434a6d93debc237e6f788b80ec3a69de8b724daafeb5 发布日期: 2024-08-30 03:15 修改: 2024-10-18 12:24
openssh	CVE-2024-6387	高危	9.6_p1-r0	9.6_p1-r1	openssh: regreSSHion - race condition in SSH allows RCE/DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6387 镜像层: sha256:4112e4b0d2bc82cc5d8e434a6d93debc237e6f788b80ec3a69de8b724daafeb5 发布日期: 2024-07-01 13:15 修改: 2024-09-14 03:15
openssh-client-common	CVE-2024-6387	高危	9.6_p1-r0	9.6_p1-r1	openssh: regreSSHion - race condition in SSH allows RCE/DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6387 镜像层: sha256:4112e4b0d2bc82cc5d8e434a6d93debc237e6f788b80ec3a69de8b724daafeb5 发布日期: 2024-07-01 13:15 修改: 2024-09-14 03:15
openssh-client-default	CVE-2024-6387	高危	9.6_p1-r0	9.6_p1-r1	openssh: regreSSHion - race condition in SSH allows RCE/DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6387 镜像层: sha256:4112e4b0d2bc82cc5d8e434a6d93debc237e6f788b80ec3a69de8b724daafeb5 发布日期: 2024-07-01 13:15 修改: 2024-09-14 03:15
openssh-keygen	CVE-2024-6387	高危	9.6_p1-r0	9.6_p1-r1	openssh: regreSSHion - race condition in SSH allows RCE/DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6387 镜像层: sha256:4112e4b0d2bc82cc5d8e434a6d93debc237e6f788b80ec3a69de8b724daafeb5 发布日期: 2024-07-01 13:15 修改: 2024-09-14 03:15
openssh-server	CVE-2024-6387	高危	9.6_p1-r0	9.6_p1-r1	openssh: regreSSHion - race condition in SSH allows RCE/DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6387 镜像层: sha256:4112e4b0d2bc82cc5d8e434a6d93debc237e6f788b80ec3a69de8b724daafeb5 发布日期: 2024-07-01 13:15 修改: 2024-09-14 03:15
openssh-server-common	CVE-2024-6387	高危	9.6_p1-r0	9.6_p1-r1	openssh: regreSSHion - race condition in SSH allows RCE/DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6387 镜像层: sha256:4112e4b0d2bc82cc5d8e434a6d93debc237e6f788b80ec3a69de8b724daafeb5 发布日期: 2024-07-01 13:15 修改: 2024-09-14 03:15
openssh-sftp-server	CVE-2024-6387	高危	9.6_p1-r0	9.6_p1-r1	openssh: regreSSHion - race condition in SSH allows RCE/DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6387 镜像层: sha256:4112e4b0d2bc82cc5d8e434a6d93debc237e6f788b80ec3a69de8b724daafeb5 发布日期: 2024-07-01 13:15 修改: 2024-09-14 03:15
busybox	CVE-2023-42366	中危	1.36.1-r15	1.36.1-r16	busybox: A heap-buffer-overflow 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42366 镜像层: sha256:d4fc045c9e3a848011de66f34b81f052d4f2c15a17bb196d637e526349601820 发布日期: 2023-11-27 23:15 修改: 2023-11-30 05:08
busybox-binsh	CVE-2023-42363	中危	1.36.1-r15	1.36.1-r17	busybox: use-after-free in awk 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42363 镜像层: sha256:d4fc045c9e3a848011de66f34b81f052d4f2c15a17bb196d637e526349601820 发布日期: 2023-11-27 22:15 修改: 2023-11-30 05:06
libcurl	CVE-2024-0853	中危	8.5.0-r0	8.6.0-r0	curl: OCSP verification bypass with TLS session reuse 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0853 镜像层: sha256:4112e4b0d2bc82cc5d8e434a6d93debc237e6f788b80ec3a69de8b724daafeb5 发布日期: 2024-02-03 14:15 修改: 2024-05-03 13:15
libcurl	CVE-2024-2004	中危	8.5.0-r0	8.7.1-r0	curl: Usage of disabled protocol 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2004 镜像层: sha256:4112e4b0d2bc82cc5d8e434a6d93debc237e6f788b80ec3a69de8b724daafeb5 发布日期: 2024-03-27 08:15 修改: 2024-10-29 16:35
libcurl	CVE-2024-2379	中危	8.5.0-r0	8.7.1-r0	curl: QUIC certificate check bypass with wolfSSL 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2379 镜像层: sha256:4112e4b0d2bc82cc5d8e434a6d93debc237e6f788b80ec3a69de8b724daafeb5 发布日期: 2024-03-27 08:15 修改: 2024-07-30 02:15
libcurl	CVE-2024-2466	中危	8.5.0-r0	8.7.1-r0	curl: TLS certificate check bypass with mbedTLS 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2466 镜像层: sha256:4112e4b0d2bc82cc5d8e434a6d93debc237e6f788b80ec3a69de8b724daafeb5 发布日期: 2024-03-27 08:15 修改: 2024-08-23 19:35
libcurl	CVE-2024-6874	中危	8.5.0-r0	8.9.0-r0	curl: macidn punycode buffer overread 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6874 镜像层: sha256:4112e4b0d2bc82cc5d8e434a6d93debc237e6f788b80ec3a69de8b724daafeb5 发布日期: 2024-07-24 08:15 修改: 2024-09-10 15:27
busybox-binsh	CVE-2023-42364	中危	1.36.1-r15	1.36.1-r19	busybox: use-after-free 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42364 镜像层: sha256:d4fc045c9e3a848011de66f34b81f052d4f2c15a17bb196d637e526349601820 发布日期: 2023-11-27 23:15 修改: 2024-10-11 21:36
busybox-binsh	CVE-2023-42365	中危	1.36.1-r15	1.36.1-r19	busybox: use-after-free 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42365 镜像层: sha256:d4fc045c9e3a848011de66f34b81f052d4f2c15a17bb196d637e526349601820 发布日期: 2023-11-27 23:15 修改: 2023-11-30 05:08
busybox-binsh	CVE-2023-42366	中危	1.36.1-r15	1.36.1-r16	busybox: A heap-buffer-overflow 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42366 镜像层: sha256:d4fc045c9e3a848011de66f34b81f052d4f2c15a17bb196d637e526349601820 发布日期: 2023-11-27 23:15 修改: 2023-11-30 05:08
libexpat	CVE-2024-50602	中危	2.6.2-r0	2.6.4-r0	libexpat: expat: DoS via XML_ResumeParser 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-50602 镜像层: sha256:4112e4b0d2bc82cc5d8e434a6d93debc237e6f788b80ec3a69de8b724daafeb5 发布日期: 2024-10-27 05:15 修改: 2024-10-30 18:35
libssl3	CVE-2024-4603	中危	3.1.4-r5	3.1.5-r0	openssl: Excessive time spent checking DSA keys and parameters 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4603 镜像层: sha256:d4fc045c9e3a848011de66f34b81f052d4f2c15a17bb196d637e526349601820 发布日期: 2024-05-16 16:15 修改: 2024-10-14 15:15
libssl3	CVE-2024-4741	中危	3.1.4-r5	3.1.6-r0	openssl: Use After Free with SSL_free_buffers 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4741 镜像层: sha256:d4fc045c9e3a848011de66f34b81f052d4f2c15a17bb196d637e526349601820 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
libssl3	CVE-2024-5535	中危	3.1.4-r5	3.1.6-r0	openssl: SSL_select_next_proto buffer overread 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-5535 镜像层: sha256:d4fc045c9e3a848011de66f34b81f052d4f2c15a17bb196d637e526349601820 发布日期: 2024-06-27 11:15 修改: 2024-07-12 14:15
libssl3	CVE-2024-6119	中危	3.1.4-r5	3.1.7-r0	openssl: Possible denial of service in X.509 name checks 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6119 镜像层: sha256:d4fc045c9e3a848011de66f34b81f052d4f2c15a17bb196d637e526349601820 发布日期: 2024-09-03 16:15 修改: 2024-09-03 21:35
busybox	CVE-2023-42363	中危	1.36.1-r15	1.36.1-r17	busybox: use-after-free in awk 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42363 镜像层: sha256:d4fc045c9e3a848011de66f34b81f052d4f2c15a17bb196d637e526349601820 发布日期: 2023-11-27 22:15 修改: 2023-11-30 05:06
busybox	CVE-2023-42364	中危	1.36.1-r15	1.36.1-r19	busybox: use-after-free 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42364 镜像层: sha256:d4fc045c9e3a848011de66f34b81f052d4f2c15a17bb196d637e526349601820 发布日期: 2023-11-27 23:15 修改: 2024-10-11 21:36
busybox	CVE-2023-42365	中危	1.36.1-r15	1.36.1-r19	busybox: use-after-free 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42365 镜像层: sha256:d4fc045c9e3a848011de66f34b81f052d4f2c15a17bb196d637e526349601820 发布日期: 2023-11-27 23:15 修改: 2023-11-30 05:08
libcrypto3	CVE-2024-4603	中危	3.1.4-r5	3.1.5-r0	openssl: Excessive time spent checking DSA keys and parameters 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4603 镜像层: sha256:d4fc045c9e3a848011de66f34b81f052d4f2c15a17bb196d637e526349601820 发布日期: 2024-05-16 16:15 修改: 2024-10-14 15:15
libcrypto3	CVE-2024-4741	中危	3.1.4-r5	3.1.6-r0	openssl: Use After Free with SSL_free_buffers 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4741 镜像层: sha256:d4fc045c9e3a848011de66f34b81f052d4f2c15a17bb196d637e526349601820 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
libcrypto3	CVE-2024-5535	中危	3.1.4-r5	3.1.6-r0	openssl: SSL_select_next_proto buffer overread 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-5535 镜像层: sha256:d4fc045c9e3a848011de66f34b81f052d4f2c15a17bb196d637e526349601820 发布日期: 2024-06-27 11:15 修改: 2024-07-12 14:15
libcrypto3	CVE-2024-6119	中危	3.1.4-r5	3.1.7-r0	openssl: Possible denial of service in X.509 name checks 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6119 镜像层: sha256:d4fc045c9e3a848011de66f34b81f052d4f2c15a17bb196d637e526349601820 发布日期: 2024-09-03 16:15 修改: 2024-09-03 21:35
ssl_client	CVE-2023-42363	中危	1.36.1-r15	1.36.1-r17	busybox: use-after-free in awk 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42363 镜像层: sha256:d4fc045c9e3a848011de66f34b81f052d4f2c15a17bb196d637e526349601820 发布日期: 2023-11-27 22:15 修改: 2023-11-30 05:06
ssl_client	CVE-2023-42364	中危	1.36.1-r15	1.36.1-r19	busybox: use-after-free 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42364 镜像层: sha256:d4fc045c9e3a848011de66f34b81f052d4f2c15a17bb196d637e526349601820 发布日期: 2023-11-27 23:15 修改: 2024-10-11 21:36
ssl_client	CVE-2023-42365	中危	1.36.1-r15	1.36.1-r19	busybox: use-after-free 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42365 镜像层: sha256:d4fc045c9e3a848011de66f34b81f052d4f2c15a17bb196d637e526349601820 发布日期: 2023-11-27 23:15 修改: 2023-11-30 05:08
ssl_client	CVE-2023-42366	中危	1.36.1-r15	1.36.1-r16	busybox: A heap-buffer-overflow 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42366 镜像层: sha256:d4fc045c9e3a848011de66f34b81f052d4f2c15a17bb196d637e526349601820 发布日期: 2023-11-27 23:15 修改: 2023-11-30 05:08
libssl3	CVE-2024-9143	低危	3.1.4-r5	3.1.7-r1	openssl: Low-level invalid GF(2^m) parameters lead to OOB memory access 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9143 镜像层: sha256:d4fc045c9e3a848011de66f34b81f052d4f2c15a17bb196d637e526349601820 发布日期: 2024-10-16 17:15 修改: 2024-11-08 16:35
libcrypto3	CVE-2024-9143	低危	3.1.4-r5	3.1.7-r1	openssl: Low-level invalid GF(2^m) parameters lead to OOB memory access 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9143 镜像层: sha256:d4fc045c9e3a848011de66f34b81f052d4f2c15a17bb196d637e526349601820 发布日期: 2024-10-16 17:15 修改: 2024-11-08 16:35
git	CVE-2024-32020	低危	2.43.0-r0	2.43.4-r0	git: insecure hardlinks 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-32020 镜像层: sha256:4112e4b0d2bc82cc5d8e434a6d93debc237e6f788b80ec3a69de8b724daafeb5 发布日期: 2024-05-14 19:15 修改: 2024-06-10 18:15
git	CVE-2024-32021	低危	2.43.0-r0	2.43.4-r0	git: symlink bypass 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-32021 镜像层: sha256:4112e4b0d2bc82cc5d8e434a6d93debc237e6f788b80ec3a69de8b724daafeb5 发布日期: 2024-05-14 20:15 修改: 2024-06-26 10:15
libcrypto3	CVE-2024-2511	低危	3.1.4-r5	3.1.4-r6	openssl: Unbounded memory growth with session handling in TLSv1.3 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2511 镜像层: sha256:d4fc045c9e3a848011de66f34b81f052d4f2c15a17bb196d637e526349601820 发布日期: 2024-04-08 14:15 修改: 2024-10-14 15:15
libssl3	CVE-2024-2511	低危	3.1.4-r5	3.1.4-r6	openssl: Unbounded memory growth with session handling in TLSv1.3 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2511 镜像层: sha256:d4fc045c9e3a848011de66f34b81f052d4f2c15a17bb196d637e526349601820 发布日期: 2024-04-08 14:15 修改: 2024-10-14 15:15

app/gitness (gobinary)

低危漏洞:0

中危漏洞:4

高危漏洞:1

严重漏洞:1

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
stdlib	CVE-2024-24790	严重	1.22.3	1.21.11, 1.22.4	golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:a285d6df9dd74e8ba212c9628fd474592520e9578f9d5be9be501dc3184aab7a 发布日期: 2024-06-05 16:15 修改: 2024-09-03 18:35
stdlib	CVE-2024-34156	高危	1.22.3	1.22.7, 1.23.1	encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:a285d6df9dd74e8ba212c9628fd474592520e9578f9d5be9be501dc3184aab7a 发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35
stdlib	CVE-2024-24789	中危	1.22.3	1.21.11, 1.22.4	golang: archive/zip: Incorrect handling of certain ZIP files 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:a285d6df9dd74e8ba212c9628fd474592520e9578f9d5be9be501dc3184aab7a 发布日期: 2024-06-05 16:15 修改: 2024-07-03 01:48
stdlib	CVE-2024-24791	中危	1.22.3	1.21.12, 1.22.5	net/http: Denial of service due to improper 100-continue handling in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:a285d6df9dd74e8ba212c9628fd474592520e9578f9d5be9be501dc3184aab7a 发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17
stdlib	CVE-2024-34155	中危	1.22.3	1.22.7, 1.23.1	go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:a285d6df9dd74e8ba212c9628fd474592520e9578f9d5be9be501dc3184aab7a 发布日期: 2024-09-06 21:15 修改: 2024-11-04 17:35
stdlib	CVE-2024-34158	中危	1.22.3	1.22.7, 1.23.1	go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:a285d6df9dd74e8ba212c9628fd474592520e9578f9d5be9be501dc3184aab7a 发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35