docker.io/linuxserver/code-server:latest linux/amd64
docker.io/linuxserver/code-server:latest - Trivy安全扫描结果 扫描时间: 2024-12-23 10:55
全部漏洞信息
低危漏洞:36
中危漏洞:20
高危漏洞:17
严重漏洞:4
系统OS: ubuntu 24.04 扫描引擎: Trivy 扫描时间: 2024-12-23 10:55
docker.io/linuxserver/code-server:latest (ubuntu 24.04) (ubuntu)
低危漏洞:32
中危漏洞:13
高危漏洞:0
严重漏洞:0
| 软件包 | 漏洞 | 安全状态 | 安装版本 | 修复版本 | 漏洞信息 |
|---|---|---|---|---|---|
| krb5-locales | CVE-2024-26462 | 中危 | 1.20.1-6ubuntu2.2 |
krb5: Memory leak at /krb5/src/kdc/ndr.c
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26462 镜像层: sha256:a0ea4b5f209ebcb88d909fd5c6c6b96945ee90456839ad80ca7e64e286a0be1b 发布日期: 2024-02-29 01:44 修改: 2024-05-14 15:09 |
|
| libgssapi-krb5-2 | CVE-2024-26462 | 中危 | 1.20.1-6ubuntu2.2 |
krb5: Memory leak at /krb5/src/kdc/ndr.c
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26462 镜像层: sha256:a0ea4b5f209ebcb88d909fd5c6c6b96945ee90456839ad80ca7e64e286a0be1b 发布日期: 2024-02-29 01:44 修改: 2024-05-14 15:09 |
|
| libk5crypto3 | CVE-2024-26462 | 中危 | 1.20.1-6ubuntu2.2 |
krb5: Memory leak at /krb5/src/kdc/ndr.c
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26462 镜像层: sha256:a0ea4b5f209ebcb88d909fd5c6c6b96945ee90456839ad80ca7e64e286a0be1b 发布日期: 2024-02-29 01:44 修改: 2024-05-14 15:09 |
|
| libkrb5-3 | CVE-2024-26462 | 中危 | 1.20.1-6ubuntu2.2 |
krb5: Memory leak at /krb5/src/kdc/ndr.c
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26462 镜像层: sha256:a0ea4b5f209ebcb88d909fd5c6c6b96945ee90456839ad80ca7e64e286a0be1b 发布日期: 2024-02-29 01:44 修改: 2024-05-14 15:09 |
|
| libkrb5support0 | CVE-2024-26462 | 中危 | 1.20.1-6ubuntu2.2 |
krb5: Memory leak at /krb5/src/kdc/ndr.c
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26462 镜像层: sha256:a0ea4b5f209ebcb88d909fd5c6c6b96945ee90456839ad80ca7e64e286a0be1b 发布日期: 2024-02-29 01:44 修改: 2024-05-14 15:09 |
|
| libpam-modules | CVE-2024-10041 | 中危 | 1.5.3-5ubuntu5.1 |
pam: libpam: Libpam vulnerable to read hashed password
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-10041 镜像层: sha256:dba8abaeccbd8a62822dca015b4201aa0efd86df5f4637763a11eae896aaf589 发布日期: 2024-10-23 14:15 修改: 2024-12-18 10:15 |
|
| libpam-modules | CVE-2024-10963 | 中危 | 1.5.3-5ubuntu5.1 |
pam: Improper Hostname Interpretation in pam_access Leads to Access Control Bypass
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-10963 镜像层: sha256:dba8abaeccbd8a62822dca015b4201aa0efd86df5f4637763a11eae896aaf589 发布日期: 2024-11-07 16:15 修改: 2024-11-11 18:15 |
|
| libpam-modules-bin | CVE-2024-10041 | 中危 | 1.5.3-5ubuntu5.1 |
pam: libpam: Libpam vulnerable to read hashed password
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-10041 镜像层: sha256:dba8abaeccbd8a62822dca015b4201aa0efd86df5f4637763a11eae896aaf589 发布日期: 2024-10-23 14:15 修改: 2024-12-18 10:15 |
|
| libpam-modules-bin | CVE-2024-10963 | 中危 | 1.5.3-5ubuntu5.1 |
pam: Improper Hostname Interpretation in pam_access Leads to Access Control Bypass
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-10963 镜像层: sha256:dba8abaeccbd8a62822dca015b4201aa0efd86df5f4637763a11eae896aaf589 发布日期: 2024-11-07 16:15 修改: 2024-11-11 18:15 |
|
| libpam-runtime | CVE-2024-10041 | 中危 | 1.5.3-5ubuntu5.1 |
pam: libpam: Libpam vulnerable to read hashed password
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-10041 镜像层: sha256:dba8abaeccbd8a62822dca015b4201aa0efd86df5f4637763a11eae896aaf589 发布日期: 2024-10-23 14:15 修改: 2024-12-18 10:15 |
|
| libpam-runtime | CVE-2024-10963 | 中危 | 1.5.3-5ubuntu5.1 |
pam: Improper Hostname Interpretation in pam_access Leads to Access Control Bypass
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-10963 镜像层: sha256:dba8abaeccbd8a62822dca015b4201aa0efd86df5f4637763a11eae896aaf589 发布日期: 2024-11-07 16:15 修改: 2024-11-11 18:15 |
|
| libpam0g | CVE-2024-10041 | 中危 | 1.5.3-5ubuntu5.1 |
pam: libpam: Libpam vulnerable to read hashed password
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-10041 镜像层: sha256:dba8abaeccbd8a62822dca015b4201aa0efd86df5f4637763a11eae896aaf589 发布日期: 2024-10-23 14:15 修改: 2024-12-18 10:15 |
|
| libpam0g | CVE-2024-10963 | 中危 | 1.5.3-5ubuntu5.1 |
pam: Improper Hostname Interpretation in pam_access Leads to Access Control Bypass
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-10963 镜像层: sha256:dba8abaeccbd8a62822dca015b4201aa0efd86df5f4637763a11eae896aaf589 发布日期: 2024-11-07 16:15 修改: 2024-11-11 18:15 |
|
| keyboxd | CVE-2022-3219 | 低危 | 2.4.4-2ubuntu17 |
gnupg: denial of service issue (resource consumption) using compressed packets
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3219 镜像层: sha256:a0ea4b5f209ebcb88d909fd5c6c6b96945ee90456839ad80ca7e64e286a0be1b 发布日期: 2023-02-23 20:15 修改: 2023-05-26 16:31 |
|
| coreutils | CVE-2016-2781 | 低危 | 9.4-3ubuntu6 |
coreutils: Non-privileged session can escape to the parent session in chroot
漏洞详情: https://avd.aquasec.com/nvd/cve-2016-2781 镜像层: sha256:dba8abaeccbd8a62822dca015b4201aa0efd86df5f4637763a11eae896aaf589 发布日期: 2017-02-07 15:59 修改: 2023-11-07 02:32 |
|
| krb5-locales | CVE-2024-26458 | 低危 | 1.20.1-6ubuntu2.2 |
krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26458 镜像层: sha256:a0ea4b5f209ebcb88d909fd5c6c6b96945ee90456839ad80ca7e64e286a0be1b 发布日期: 2024-02-29 01:44 修改: 2024-12-06 21:15 |
|
| krb5-locales | CVE-2024-26461 | 低危 | 1.20.1-6ubuntu2.2 |
krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26461 镜像层: sha256:a0ea4b5f209ebcb88d909fd5c6c6b96945ee90456839ad80ca7e64e286a0be1b 发布日期: 2024-02-29 01:44 修改: 2024-08-14 16:35 |
|
| libc-bin | CVE-2016-20013 | 低危 | 2.39-0ubuntu8.3 |
漏洞详情: https://avd.aquasec.com/nvd/cve-2016-20013 镜像层: sha256:dba8abaeccbd8a62822dca015b4201aa0efd86df5f4637763a11eae896aaf589 发布日期: 2022-02-19 05:15 修改: 2022-03-03 16:43 |
|
| libc6 | CVE-2016-20013 | 低危 | 2.39-0ubuntu8.3 |
漏洞详情: https://avd.aquasec.com/nvd/cve-2016-20013 镜像层: sha256:dba8abaeccbd8a62822dca015b4201aa0efd86df5f4637763a11eae896aaf589 发布日期: 2022-02-19 05:15 修改: 2022-03-03 16:43 |
|
| libgcrypt20 | CVE-2024-2236 | 低危 | 1.10.3-2build1 |
libgcrypt: vulnerable to Marvin Attack
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2236 镜像层: sha256:dba8abaeccbd8a62822dca015b4201aa0efd86df5f4637763a11eae896aaf589 发布日期: 2024-03-06 22:15 修改: 2024-11-12 18:15 |
|
| dirmngr | CVE-2022-3219 | 低危 | 2.4.4-2ubuntu17 |
gnupg: denial of service issue (resource consumption) using compressed packets
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3219 镜像层: sha256:a0ea4b5f209ebcb88d909fd5c6c6b96945ee90456839ad80ca7e64e286a0be1b 发布日期: 2023-02-23 20:15 修改: 2023-05-26 16:31 |
|
| libgssapi-krb5-2 | CVE-2024-26458 | 低危 | 1.20.1-6ubuntu2.2 |
krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26458 镜像层: sha256:a0ea4b5f209ebcb88d909fd5c6c6b96945ee90456839ad80ca7e64e286a0be1b 发布日期: 2024-02-29 01:44 修改: 2024-12-06 21:15 |
|
| libgssapi-krb5-2 | CVE-2024-26461 | 低危 | 1.20.1-6ubuntu2.2 |
krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26461 镜像层: sha256:a0ea4b5f209ebcb88d909fd5c6c6b96945ee90456839ad80ca7e64e286a0be1b 发布日期: 2024-02-29 01:44 修改: 2024-08-14 16:35 |
|
| git | CVE-2018-1000021 | 低危 | 1:2.43.0-1ubuntu7.1 |
git: client prints server-sent ANSI escape codes to the terminal, allowing for unverified messages to potentially execute arbitrary commands
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-1000021 镜像层: sha256:ccf34aaea3906551d571d4e01291e78c0b6541e4ec3b5436e579b6bc03b377bc 发布日期: 2018-02-09 23:29 修改: 2024-10-24 17:58 |
|
| libk5crypto3 | CVE-2024-26458 | 低危 | 1.20.1-6ubuntu2.2 |
krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26458 镜像层: sha256:a0ea4b5f209ebcb88d909fd5c6c6b96945ee90456839ad80ca7e64e286a0be1b 发布日期: 2024-02-29 01:44 修改: 2024-12-06 21:15 |
|
| libk5crypto3 | CVE-2024-26461 | 低危 | 1.20.1-6ubuntu2.2 |
krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26461 镜像层: sha256:a0ea4b5f209ebcb88d909fd5c6c6b96945ee90456839ad80ca7e64e286a0be1b 发布日期: 2024-02-29 01:44 修改: 2024-08-14 16:35 |
|
| git-man | CVE-2018-1000021 | 低危 | 1:2.43.0-1ubuntu7.1 |
git: client prints server-sent ANSI escape codes to the terminal, allowing for unverified messages to potentially execute arbitrary commands
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-1000021 镜像层: sha256:ccf34aaea3906551d571d4e01291e78c0b6541e4ec3b5436e579b6bc03b377bc 发布日期: 2018-02-09 23:29 修改: 2024-10-24 17:58 |
|
| libkrb5-3 | CVE-2024-26458 | 低危 | 1.20.1-6ubuntu2.2 |
krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26458 镜像层: sha256:a0ea4b5f209ebcb88d909fd5c6c6b96945ee90456839ad80ca7e64e286a0be1b 发布日期: 2024-02-29 01:44 修改: 2024-12-06 21:15 |
|
| libkrb5-3 | CVE-2024-26461 | 低危 | 1.20.1-6ubuntu2.2 |
krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26461 镜像层: sha256:a0ea4b5f209ebcb88d909fd5c6c6b96945ee90456839ad80ca7e64e286a0be1b 发布日期: 2024-02-29 01:44 修改: 2024-08-14 16:35 |
|
| gnupg | CVE-2022-3219 | 低危 | 2.4.4-2ubuntu17 |
gnupg: denial of service issue (resource consumption) using compressed packets
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3219 镜像层: sha256:a0ea4b5f209ebcb88d909fd5c6c6b96945ee90456839ad80ca7e64e286a0be1b 发布日期: 2023-02-23 20:15 修改: 2023-05-26 16:31 |
|
| libkrb5support0 | CVE-2024-26458 | 低危 | 1.20.1-6ubuntu2.2 |
krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26458 镜像层: sha256:a0ea4b5f209ebcb88d909fd5c6c6b96945ee90456839ad80ca7e64e286a0be1b 发布日期: 2024-02-29 01:44 修改: 2024-12-06 21:15 |
|
| libkrb5support0 | CVE-2024-26461 | 低危 | 1.20.1-6ubuntu2.2 |
krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26461 镜像层: sha256:a0ea4b5f209ebcb88d909fd5c6c6b96945ee90456839ad80ca7e64e286a0be1b 发布日期: 2024-02-29 01:44 修改: 2024-08-14 16:35 |
|
| gnupg-l10n | CVE-2022-3219 | 低危 | 2.4.4-2ubuntu17 |
gnupg: denial of service issue (resource consumption) using compressed packets
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3219 镜像层: sha256:a0ea4b5f209ebcb88d909fd5c6c6b96945ee90456839ad80ca7e64e286a0be1b 发布日期: 2023-02-23 20:15 修改: 2023-05-26 16:31 |
|
| gnupg-utils | CVE-2022-3219 | 低危 | 2.4.4-2ubuntu17 |
gnupg: denial of service issue (resource consumption) using compressed packets
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3219 镜像层: sha256:a0ea4b5f209ebcb88d909fd5c6c6b96945ee90456839ad80ca7e64e286a0be1b 发布日期: 2023-02-23 20:15 修改: 2023-05-26 16:31 |
|
| gpg | CVE-2022-3219 | 低危 | 2.4.4-2ubuntu17 |
gnupg: denial of service issue (resource consumption) using compressed packets
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3219 镜像层: sha256:a0ea4b5f209ebcb88d909fd5c6c6b96945ee90456839ad80ca7e64e286a0be1b 发布日期: 2023-02-23 20:15 修改: 2023-05-26 16:31 |
|
| gpg-agent | CVE-2022-3219 | 低危 | 2.4.4-2ubuntu17 |
gnupg: denial of service issue (resource consumption) using compressed packets
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3219 镜像层: sha256:a0ea4b5f209ebcb88d909fd5c6c6b96945ee90456839ad80ca7e64e286a0be1b 发布日期: 2023-02-23 20:15 修改: 2023-05-26 16:31 |
|
| gpg-wks-client | CVE-2022-3219 | 低危 | 2.4.4-2ubuntu17 |
gnupg: denial of service issue (resource consumption) using compressed packets
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3219 镜像层: sha256:a0ea4b5f209ebcb88d909fd5c6c6b96945ee90456839ad80ca7e64e286a0be1b 发布日期: 2023-02-23 20:15 修改: 2023-05-26 16:31 |
|
| gpgconf | CVE-2022-3219 | 低危 | 2.4.4-2ubuntu17 |
gnupg: denial of service issue (resource consumption) using compressed packets
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3219 镜像层: sha256:a0ea4b5f209ebcb88d909fd5c6c6b96945ee90456839ad80ca7e64e286a0be1b 发布日期: 2023-02-23 20:15 修改: 2023-05-26 16:31 |
|
| gpgsm | CVE-2022-3219 | 低危 | 2.4.4-2ubuntu17 |
gnupg: denial of service issue (resource consumption) using compressed packets
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3219 镜像层: sha256:a0ea4b5f209ebcb88d909fd5c6c6b96945ee90456839ad80ca7e64e286a0be1b 发布日期: 2023-02-23 20:15 修改: 2023-05-26 16:31 |
|
| gpgv | CVE-2022-3219 | 低危 | 2.4.4-2ubuntu17 |
gnupg: denial of service issue (resource consumption) using compressed packets
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3219 镜像层: sha256:dba8abaeccbd8a62822dca015b4201aa0efd86df5f4637763a11eae896aaf589 发布日期: 2023-02-23 20:15 修改: 2023-05-26 16:31 |
|
| libssl3t64 | CVE-2024-41996 | 低危 | 3.0.13-0ubuntu3.4 |
openssl: remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-41996 镜像层: sha256:dba8abaeccbd8a62822dca015b4201aa0efd86df5f4637763a11eae896aaf589 发布日期: 2024-08-26 06:15 修改: 2024-08-26 16:35 |
|
| locales | CVE-2016-20013 | 低危 | 2.39-0ubuntu8.3 |
漏洞详情: https://avd.aquasec.com/nvd/cve-2016-20013 镜像层: sha256:a0ea4b5f209ebcb88d909fd5c6c6b96945ee90456839ad80ca7e64e286a0be1b 发布日期: 2022-02-19 05:15 修改: 2022-03-03 16:43 |
|
| openssl | CVE-2024-41996 | 低危 | 3.0.13-0ubuntu3.4 |
openssl: remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-41996 镜像层: sha256:a0ea4b5f209ebcb88d909fd5c6c6b96945ee90456839ad80ca7e64e286a0be1b 发布日期: 2024-08-26 06:15 修改: 2024-08-26 16:35 |
|
| patch | CVE-2018-6952 | 低危 | 2.7.6-7build3 |
patch: Double free of memory in pch.c:another_hunk() causes a crash
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-6952 镜像层: sha256:ccf34aaea3906551d571d4e01291e78c0b6541e4ec3b5436e579b6bc03b377bc 发布日期: 2018-02-13 19:29 修改: 2019-04-17 20:29 |
|
| patch | CVE-2021-45261 | 低危 | 2.7.6-7build3 |
patch: Invalid Pointer via another_hunk function
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-45261 镜像层: sha256:ccf34aaea3906551d571d4e01291e78c0b6541e4ec3b5436e579b6bc03b377bc 发布日期: 2021-12-22 18:15 修改: 2021-12-28 14:24 |
Node.js (node-pkg)
低危漏洞:4
中危漏洞:7
高危漏洞:17
严重漏洞:4
| 软件包 | 漏洞 | 安全状态 | 安装版本 | 修复版本 | 漏洞信息 |
|---|---|---|---|---|---|
| code-server | CVE-2023-26114 | 严重 | 1.96.2 | 4.10.1 |
code-server vulnerable to Missing Origin Validation in WebSockets
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-26114 镜像层: sha256:ccf34aaea3906551d571d4e01291e78c0b6541e4ec3b5436e579b6bc03b377bc 发布日期: 2023-03-23 05:15 修改: 2023-11-07 04:09 |
| handlebars | CVE-2019-19919 | 严重 | 1.0.0 | 4.3.0, 3.0.8 |
nodejs-handlebars: prototype pollution leading to remote code execution via crafted payloads
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-19919 镜像层: sha256:ccf34aaea3906551d571d4e01291e78c0b6541e4ec3b5436e579b6bc03b377bc 发布日期: 2019-12-20 23:15 修改: 2022-06-03 18:48 |
| handlebars | CVE-2021-23369 | 严重 | 1.0.0 | 4.7.7 |
nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23369 镜像层: sha256:ccf34aaea3906551d571d4e01291e78c0b6541e4ec3b5436e579b6bc03b377bc 发布日期: 2021-04-12 14:15 修改: 2021-06-08 13:54 |
| handlebars | CVE-2021-23383 | 严重 | 1.0.0 | 4.7.7 |
nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23383 镜像层: sha256:ccf34aaea3906551d571d4e01291e78c0b6541e4ec3b5436e579b6bc03b377bc 发布日期: 2021-05-04 09:15 修改: 2021-12-03 19:59 |
| grunt | CVE-2022-1537 | 高危 | 1.0.0 | 1.5.3 |
gruntjs: race condition leading to arbitrary file write
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1537 镜像层: sha256:ccf34aaea3906551d571d4e01291e78c0b6541e4ec3b5436e579b6bc03b377bc 发布日期: 2022-05-10 14:15 修改: 2023-04-05 22:15 |
| code-server | CVE-2021-3810 | 高危 | 1.96.2 | 3.12.0 |
Inefficient Regular Expression Complexity in code-server
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3810 镜像层: sha256:ccf34aaea3906551d571d4e01291e78c0b6541e4ec3b5436e579b6bc03b377bc 发布日期: 2021-09-17 07:15 修改: 2023-07-10 19:02 |
| diff | GHSA-h6ch-v84p-w6p9 | 高危 | 1.0.0 | 3.5.0 |
Regular Expression Denial of Service (ReDoS)
漏洞详情: https://github.com/advisories/GHSA-h6ch-v84p-w6p9 镜像层: sha256:ccf34aaea3906551d571d4e01291e78c0b6541e4ec3b5436e579b6bc03b377bc 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00 |
| grunt | CVE-2020-7729 | 高危 | 1.0.0 | 1.3.0 |
The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execut ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7729 镜像层: sha256:ccf34aaea3906551d571d4e01291e78c0b6541e4ec3b5436e579b6bc03b377bc 发布日期: 2020-09-03 09:15 修改: 2022-11-16 14:05 |
| handlebars | CVE-2019-20920 | 高危 | 1.0.0 | 3.0.8, 4.5.3 |
nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript execution
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-20920 镜像层: sha256:ccf34aaea3906551d571d4e01291e78c0b6541e4ec3b5436e579b6bc03b377bc 发布日期: 2020-09-30 18:15 修改: 2020-10-15 17:35 |
| handlebars | GHSA-2cf5-4w76-r9qv | 高危 | 1.0.0 | 3.0.8, 4.5.2 |
Arbitrary Code Execution in handlebars
漏洞详情: https://github.com/advisories/GHSA-2cf5-4w76-r9qv 镜像层: sha256:ccf34aaea3906551d571d4e01291e78c0b6541e4ec3b5436e579b6bc03b377bc 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00 |
| handlebars | GHSA-g9r4-xpmj-mj65 | 高危 | 1.0.0 | 3.0.8, 4.5.3 |
Prototype Pollution in handlebars
漏洞详情: https://github.com/advisories/GHSA-g9r4-xpmj-mj65 镜像层: sha256:ccf34aaea3906551d571d4e01291e78c0b6541e4ec3b5436e579b6bc03b377bc 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00 |
| handlebars | GHSA-q2c6-c6pm-g3gh | 高危 | 1.0.0 | 3.0.8, 4.5.3 |
Arbitrary Code Execution in handlebars
漏洞详情: https://github.com/advisories/GHSA-q2c6-c6pm-g3gh 镜像层: sha256:ccf34aaea3906551d571d4e01291e78c0b6541e4ec3b5436e579b6bc03b377bc 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00 |
| handlebars | GHSA-q42p-pg8m-cqh6 | 高危 | 1.0.0 | 4.1.2, 4.0.14, 3.0.7 |
Prototype Pollution in handlebars
漏洞详情: https://github.com/advisories/GHSA-q42p-pg8m-cqh6 镜像层: sha256:ccf34aaea3906551d571d4e01291e78c0b6541e4ec3b5436e579b6bc03b377bc 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00 |
| ini | CVE-2020-7788 | 高危 | 1.0.0 | 1.3.6 |
nodejs-ini: Prototype pollution via malicious INI file
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7788 镜像层: sha256:ccf34aaea3906551d571d4e01291e78c0b6541e4ec3b5436e579b6bc03b377bc 发布日期: 2020-12-11 11:15 修改: 2022-12-02 19:40 |
| json | CVE-2020-7712 | 高危 | 1.0.0 | 10.0.0 |
trentm/json vulnerable to command injection
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7712 镜像层: sha256:ccf34aaea3906551d571d4e01291e78c0b6541e4ec3b5436e579b6bc03b377bc 发布日期: 2020-08-30 08:15 修改: 2023-11-07 03:26 |
| npm | CVE-2018-7408 | 高危 | 1.0.1 | 5.7.1 |
Incorrect Permission Assignment for Critical Resource in NPM
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-7408 镜像层: sha256:ccf34aaea3906551d571d4e01291e78c0b6541e4ec3b5436e579b6bc03b377bc 发布日期: 2018-02-22 18:29 修改: 2019-10-03 00:03 |
| npm | CVE-2019-16775 | 高危 | 1.0.1 | 6.13.3 |
npm: Symlink reference outside of node_modules folder through the bin field upon installation
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16775 镜像层: sha256:ccf34aaea3906551d571d4e01291e78c0b6541e4ec3b5436e579b6bc03b377bc 发布日期: 2019-12-13 01:15 修改: 2023-11-07 03:05 |
| npm | CVE-2019-16776 | 高危 | 1.0.1 | 6.13.3 |
npm: Arbitrary file write via constructed entry in the package.json bin field
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16776 镜像层: sha256:ccf34aaea3906551d571d4e01291e78c0b6541e4ec3b5436e579b6bc03b377bc 发布日期: 2019-12-13 01:15 修改: 2023-11-07 03:05 |
| npm | CVE-2019-16777 | 高危 | 1.0.1 | 6.13.4 |
npm: Global node_modules Binary Overwrite
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16777 镜像层: sha256:ccf34aaea3906551d571d4e01291e78c0b6541e4ec3b5436e579b6bc03b377bc 发布日期: 2019-12-13 01:15 修改: 2023-11-07 03:05 |
| path-to-regexp | CVE-2024-45296 | 高危 | 3.2.0 | 1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0 |
path-to-regexp: Backtracking regular expressions cause ReDoS
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45296 镜像层: sha256:ccf34aaea3906551d571d4e01291e78c0b6541e4ec3b5436e579b6bc03b377bc 发布日期: 2024-09-09 19:15 修改: 2024-09-10 12:09 |
| pug | CVE-2021-21353 | 高危 | 1.0.0 | 3.0.1 |
pug: user provided objects as input to pug templates can achieve remote code execution
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-21353 镜像层: sha256:ccf34aaea3906551d571d4e01291e78c0b6541e4ec3b5436e579b6bc03b377bc 发布日期: 2021-03-03 02:15 修改: 2021-03-09 15:35 |
| code-server | CVE-2021-42648 | 中危 | 1.96.2 | 3.12.0 |
Cross site scripting in code-server
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42648 镜像层: sha256:ccf34aaea3906551d571d4e01291e78c0b6541e4ec3b5436e579b6bc03b377bc 发布日期: 2022-05-11 18:15 修改: 2022-05-20 16:33 |
| grunt | CVE-2022-0436 | 中危 | 1.0.0 | 1.5.2 |
Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2.
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-0436 镜像层: sha256:ccf34aaea3906551d571d4e01291e78c0b6541e4ec3b5436e579b6bc03b377bc 发布日期: 2022-04-12 21:15 修改: 2023-04-06 15:15 |
| npm | CVE-2016-3956 | 中危 | 1.0.1 | >= 2.15.1 <= 3.0.0, >= 3.8.3 |
npm: bearer token leak to non-registry hosts
漏洞详情: https://avd.aquasec.com/nvd/cve-2016-3956 镜像层: sha256:ccf34aaea3906551d571d4e01291e78c0b6541e4ec3b5436e579b6bc03b377bc 发布日期: 2016-07-02 14:59 修改: 2021-06-15 16:30 |
| npm | CVE-2020-15095 | 中危 | 1.0.1 | 6.14.6 |
npm: sensitive information exposure through logs
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-15095 镜像层: sha256:ccf34aaea3906551d571d4e01291e78c0b6541e4ec3b5436e579b6bc03b377bc 发布日期: 2020-07-07 19:15 修改: 2023-11-07 03:17 |
| handlebars | CVE-2015-8861 | 中危 | 1.0.0 | >=4.0.0 |
The handlebars package before 4.0.0 for Node.js allows remote attacker ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2015-8861 镜像层: sha256:ccf34aaea3906551d571d4e01291e78c0b6541e4ec3b5436e579b6bc03b377bc 发布日期: 2017-01-23 21:59 修改: 2020-04-22 12:54 |
| handlebars | NSWG-ECO-519 | 中危 | 1.0.0 | >=4.6.0 |
Denial of Service
漏洞详情: https://hackerone.com/reports/726364 镜像层: sha256:ccf34aaea3906551d571d4e01291e78c0b6541e4ec3b5436e579b6bc03b377bc 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00 |
| pug | CVE-2024-36361 | 中危 | 1.0.0 | 3.0.3 |
Pug allows JavaScript code execution if an application accepts untrusted input
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-36361 镜像层: sha256:ccf34aaea3906551d571d4e01291e78c0b6541e4ec3b5436e579b6bc03b377bc 发布日期: 2024-05-24 06:15 修改: 2024-08-02 04:17 |
| npm | CVE-2013-4116 | 低危 | 1.0.1 | >=1.3.3 |
npm: Insecure temporary directory generation
漏洞详情: https://avd.aquasec.com/nvd/cve-2013-4116 镜像层: sha256:ccf34aaea3906551d571d4e01291e78c0b6541e4ec3b5436e579b6bc03b377bc 发布日期: 2014-04-22 14:23 修改: 2020-10-14 13:21 |
| cookie | CVE-2024-47764 | 低危 | 0.4.1 | 0.7.0 |
cookie: cookie accepts cookie name, path, and domain with out of bounds characters
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47764 镜像层: sha256:ccf34aaea3906551d571d4e01291e78c0b6541e4ec3b5436e579b6bc03b377bc 发布日期: 2024-10-04 20:15 修改: 2024-10-07 17:48 |
| cookie | CVE-2024-47764 | 低危 | 0.6.0 | 0.7.0 |
cookie: cookie accepts cookie name, path, and domain with out of bounds characters
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47764 镜像层: sha256:ccf34aaea3906551d571d4e01291e78c0b6541e4ec3b5436e579b6bc03b377bc 发布日期: 2024-10-04 20:15 修改: 2024-10-07 17:48 |
| markdown | GHSA-wx77-rp39-c6vg | 低危 | 1.0.0 |
Regular Expression Denial of Service in markdown
漏洞详情: https://github.com/advisories/GHSA-wx77-rp39-c6vg 镜像层: sha256:ccf34aaea3906551d571d4e01291e78c0b6541e4ec3b5436e579b6bc03b377bc 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00 |