docker.io/mongo-express:1.0.2-20-alpine3.19 linux/amd64

docker.io/mongo-express:1.0.2-20-alpine3.19 - Trivy安全扫描结果 扫描时间: 2024-11-14 22:09
全部漏洞信息
低危漏洞:8 中危漏洞:7 高危漏洞:6 严重漏洞:1

系统OS: alpine 3.19.4 扫描引擎: Trivy 扫描时间: 2024-11-14 22:09

docker.io/mongo-express:1.0.2-20-alpine3.19 (alpine 3.19.4) (alpine)
低危漏洞:2 中危漏洞:0 高危漏洞:0 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
libcrypto3 CVE-2024-9143 低危 3.1.7-r0 3.1.7-r1 openssl: Low-level invalid GF(2^m) parameters lead to OOB memory access

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9143

镜像层: sha256:ba79b2c0127890636a791eb3ec3993cce08a50cc01fcb1513f0e8fbae41977af

发布日期: 2024-10-16 17:15 修改: 2024-11-08 16:35
libssl3 CVE-2024-9143 低危 3.1.7-r0 3.1.7-r1 openssl: Low-level invalid GF(2^m) parameters lead to OOB memory access

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9143

镜像层: sha256:ba79b2c0127890636a791eb3ec3993cce08a50cc01fcb1513f0e8fbae41977af

发布日期: 2024-10-16 17:15 修改: 2024-11-08 16:35
Node.js (node-pkg)
低危漏洞:6 中危漏洞:7 高危漏洞:6 严重漏洞:1
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
@babel/traverse CVE-2023-45133 严重 7.19.6 7.23.2, 8.0.0-alpha.4 babel: arbitrary code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45133

镜像层: sha256:e14689271c369a0e0e293679a5028c8dec30bb6ee0700b15be6e38382e3b71f5

发布日期: 2023-10-12 17:15 修改: 2023-10-24 16:52
basic-auth-connect CVE-2024-47178 高危 1.0.0 1.1.0 basic-auth-connect: timing-unsafe equality comparison can leak timing information

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47178

镜像层: sha256:e14689271c369a0e0e293679a5028c8dec30bb6ee0700b15be6e38382e3b71f5

发布日期: 2024-09-30 16:15 修改: 2024-10-04 13:51
body-parser CVE-2024-45590 高危 1.20.1 1.20.3 body-parser: Denial of Service Vulnerability in body-parser

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45590

镜像层: sha256:e14689271c369a0e0e293679a5028c8dec30bb6ee0700b15be6e38382e3b71f5

发布日期: 2024-09-10 16:15 修改: 2024-09-20 16:26
ip CVE-2024-29415 高危 2.0.0 node-ip: Incomplete fix for CVE-2023-42282

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29415

镜像层: sha256:e14689271c369a0e0e293679a5028c8dec30bb6ee0700b15be6e38382e3b71f5

发布日期: 2024-05-27 20:15 修改: 2024-08-16 14:35
json5 CVE-2022-46175 高危 2.2.1 2.2.2, 1.0.2 json5: Prototype Pollution in JSON5 via Parse Method

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-46175

镜像层: sha256:e14689271c369a0e0e293679a5028c8dec30bb6ee0700b15be6e38382e3b71f5

发布日期: 2022-12-24 04:15 修改: 2023-11-26 01:15
path-to-regexp CVE-2024-45296 高危 0.1.7 1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0 path-to-regexp: Backtracking regular expressions cause ReDoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45296

镜像层: sha256:e14689271c369a0e0e293679a5028c8dec30bb6ee0700b15be6e38382e3b71f5

发布日期: 2024-09-09 19:15 修改: 2024-09-10 12:09
semver CVE-2022-25883 高危 6.3.0 7.5.2, 6.3.1, 5.7.2 nodejs-semver: Regular expression denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25883

镜像层: sha256:e14689271c369a0e0e293679a5028c8dec30bb6ee0700b15be6e38382e3b71f5

发布日期: 2023-06-21 05:15 修改: 2023-11-07 03:44
express CVE-2024-43796 中危 4.18.2 4.20.0, 5.0.0 express: Improper Input Handling in Express Redirects

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-43796

镜像层: sha256:e14689271c369a0e0e293679a5028c8dec30bb6ee0700b15be6e38382e3b71f5

发布日期: 2024-09-10 15:15 修改: 2024-09-20 16:07
mongo-express CVE-2023-52555 中危 1.0.2 mongo-express Cross-site Request Forgery vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-52555

镜像层: sha256:e14689271c369a0e0e293679a5028c8dec30bb6ee0700b15be6e38382e3b71f5

发布日期: 2024-03-01 08:15 修改: 2024-08-29 20:35
mongodb CVE-2021-32050 中危 4.13.0 3.6.10, 4.17.0, 5.8.0 Some MongoDB Drivers may erroneously publish events containing authent ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-32050

镜像层: sha256:e14689271c369a0e0e293679a5028c8dec30bb6ee0700b15be6e38382e3b71f5

发布日期: 2023-08-29 16:15 修改: 2023-10-06 15:15
fast-xml-parser CVE-2023-26920 中危 4.0.11 4.1.2 fast-xml-parser vulnerable to Prototype Pollution through tag or attribute name

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-26920

镜像层: sha256:e14689271c369a0e0e293679a5028c8dec30bb6ee0700b15be6e38382e3b71f5

发布日期: 2023-12-12 17:15 修改: 2023-12-14 20:41
express CVE-2024-29041 中危 4.18.2 4.19.2, 5.0.0-beta.3 express: cause malformed URLs to be evaluated

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29041

镜像层: sha256:e14689271c369a0e0e293679a5028c8dec30bb6ee0700b15be6e38382e3b71f5

发布日期: 2024-03-25 21:15 修改: 2024-03-26 12:55
send CVE-2024-43799 中危 0.18.0 0.19.0 send: Code Execution Vulnerability in Send Library

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-43799

镜像层: sha256:e14689271c369a0e0e293679a5028c8dec30bb6ee0700b15be6e38382e3b71f5

发布日期: 2024-09-10 15:15 修改: 2024-09-20 16:57
serve-static CVE-2024-43800 中危 1.15.0 1.16.0, 2.1.0 serve-static: Improper Sanitization in serve-static

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-43800

镜像层: sha256:e14689271c369a0e0e293679a5028c8dec30bb6ee0700b15be6e38382e3b71f5

发布日期: 2024-09-10 15:15 修改: 2024-09-20 17:36
cookie CVE-2024-47764 低危 0.4.0 0.7.0 cookie: cookie accepts cookie name, path, and domain with out of bounds characters

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47764

镜像层: sha256:e14689271c369a0e0e293679a5028c8dec30bb6ee0700b15be6e38382e3b71f5

发布日期: 2024-10-04 20:15 修改: 2024-10-07 17:48
cookie CVE-2024-47764 低危 0.4.1 0.7.0 cookie: cookie accepts cookie name, path, and domain with out of bounds characters

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47764

镜像层: sha256:e14689271c369a0e0e293679a5028c8dec30bb6ee0700b15be6e38382e3b71f5

发布日期: 2024-10-04 20:15 修改: 2024-10-07 17:48
cookie CVE-2024-47764 低危 0.4.2 0.7.0 cookie: cookie accepts cookie name, path, and domain with out of bounds characters

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47764

镜像层: sha256:e14689271c369a0e0e293679a5028c8dec30bb6ee0700b15be6e38382e3b71f5

发布日期: 2024-10-04 20:15 修改: 2024-10-07 17:48
cookie CVE-2024-47764 低危 0.5.0 0.7.0 cookie: cookie accepts cookie name, path, and domain with out of bounds characters

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47764

镜像层: sha256:e14689271c369a0e0e293679a5028c8dec30bb6ee0700b15be6e38382e3b71f5

发布日期: 2024-10-04 20:15 修改: 2024-10-07 17:48
ip CVE-2023-42282 低危 2.0.0 2.0.1, 1.1.9 nodejs-ip: arbitrary code execution via the isPublic() function

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42282

镜像层: sha256:e14689271c369a0e0e293679a5028c8dec30bb6ee0700b15be6e38382e3b71f5

发布日期: 2024-02-08 17:15 修改: 2024-10-09 15:14
es5-ext CVE-2024-27088 低危 0.10.62 0.10.63 es5-ext contains ECMAScript 5 extensions. Passing functions with very ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-27088

镜像层: sha256:e14689271c369a0e0e293679a5028c8dec30bb6ee0700b15be6e38382e3b71f5

发布日期: 2024-02-26 17:15 修改: 2024-02-26 22:10