docker.io/nacos/nacos-server:latest linux/amd64

docker.io/nacos/nacos-server:latest - Trivy安全扫描结果 扫描时间: 2025-02-19 09:56
全部漏洞信息
低危漏洞:1 中危漏洞:5 高危漏洞:3 严重漏洞:2

系统OS: alpine 3.21.2 扫描引擎: Trivy 扫描时间: 2025-02-19 09:56

docker.io/nacos/nacos-server:latest (alpine 3.21.2) (alpine)
低危漏洞:0 中危漏洞:0 高危漏洞:0 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
Java (jar)
低危漏洞:1 中危漏洞:5 高危漏洞:3 严重漏洞:2
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
org.apache.derby:derby CVE-2022-46337 严重 10.14.2.0 10.14.3, 10.15.2.1, 10.16.1.2, 10.17.1.0 A cleverly devised username might bypass LDAP authentication checks. I ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-46337

镜像层: sha256:2caf36af57cc83c781b00e9211afc80ae70317237862700ff9dd3d1503c4a450

发布日期: 2023-11-20 09:15 修改: 2024-04-26 16:08
org.springframework:spring-web CVE-2016-1000027 严重 5.3.39 6.0.0 spring: HttpInvokerServiceExporter readRemoteInvocation method untrusted java deserialization

漏洞详情: https://avd.aquasec.com/nvd/cve-2016-1000027

镜像层: sha256:2caf36af57cc83c781b00e9211afc80ae70317237862700ff9dd3d1503c4a450

发布日期: 2020-01-02 23:15 修改: 2023-04-20 09:15
com.alipay.sofa:hessian CVE-2024-46983 高危 3.3.6 3.5.5 SOFA Hessian Remote Command Execution (RCE) Vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-46983

镜像层: sha256:2caf36af57cc83c781b00e9211afc80ae70317237862700ff9dd3d1503c4a450

发布日期: 2024-09-19 23:15 修改: 2024-09-25 17:46
org.springframework:spring-webmvc CVE-2024-38816 高危 5.3.39 6.1.13 spring-webmvc: Path Traversal Vulnerability in Spring Applications Using RouterFunctions and FileSystemResource

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38816

镜像层: sha256:2caf36af57cc83c781b00e9211afc80ae70317237862700ff9dd3d1503c4a450

发布日期: 2024-09-13 06:15 修改: 2024-12-27 16:15
org.springframework:spring-webmvc CVE-2024-38819 高危 5.3.39 6.1.14 org.springframework:spring-webmvc: Path traversal vulnerability in functional web frameworks

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38819

镜像层: sha256:2caf36af57cc83c781b00e9211afc80ae70317237862700ff9dd3d1503c4a450

发布日期: 2024-12-19 18:15 修改: 2025-01-10 13:15
org.springframework:spring-context CVE-2024-38820 中危 5.3.39 6.1.14 The fix for CVE-2022-22968 made disallowedFieldspatterns in DataBinder ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38820

镜像层: sha256:2caf36af57cc83c781b00e9211afc80ae70317237862700ff9dd3d1503c4a450

发布日期: 2024-10-18 06:15 修改: 2024-11-29 12:15
ch.qos.logback:logback-core CVE-2024-12798 中危 1.2.13 1.5.13, 1.3.15 logback-core: arbitrary code execution via JaninoEventEvaluator

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12798

镜像层: sha256:2caf36af57cc83c781b00e9211afc80ae70317237862700ff9dd3d1503c4a450

发布日期: 2024-12-19 16:15 修改: 2025-01-03 14:15
org.springframework.ldap:spring-ldap-core CVE-2024-38829 中危 2.4.1 3.2.8, 2.4.4 spring-ldap: Spring LDAP sensitive data exposure for case-sensitive comparisons

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38829

镜像层: sha256:2caf36af57cc83c781b00e9211afc80ae70317237862700ff9dd3d1503c4a450

发布日期: 2024-12-04 21:15 修改: 2024-12-10 15:15
org.springframework.security:spring-security-core CVE-2024-38827 中危 5.8.15 5.7.14, 5.8.16, 6.0.14, 6.1.12, 6.2.8, 6.3.5 spring-security: authorization bypass for case sensitive comparisons

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38827

镜像层: sha256:2caf36af57cc83c781b00e9211afc80ae70317237862700ff9dd3d1503c4a450

发布日期: 2024-12-02 15:15 修改: 2024-12-02 15:15
org.springframework:spring-webmvc CVE-2024-38828 中危 5.3.39 5.3.42 org.springframework:spring-webmvc: DoS via Spring MVC controller method with byte[] parameter

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38828

镜像层: sha256:2caf36af57cc83c781b00e9211afc80ae70317237862700ff9dd3d1503c4a450

发布日期: 2024-11-18 04:15 修改: 2024-11-18 17:11
ch.qos.logback:logback-core CVE-2024-12801 低危 1.2.13 1.5.13, 1.3.15 logback-core: SaxEventRecorder vulnerable to Server-Side Request Forgery (SSRF) attacks

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12801

镜像层: sha256:2caf36af57cc83c781b00e9211afc80ae70317237862700ff9dd3d1503c4a450

发布日期: 2024-12-19 17:15 修改: 2025-01-03 14:15