docker.io/nacos/nacos-server:v2.5.3 linux/amd64

docker.io/nacos/nacos-server:v2.5.3 - Trivy安全扫描结果 扫描时间: 2026-07-17 09:44
全部漏洞信息
低危漏洞:8 中危漏洞:11 高危漏洞:7 严重漏洞:3

系统OS: alpine 3.24.1 扫描引擎: Trivy 扫描时间: 2026-07-17 09:44

docker.io/nacos/nacos-server:v2.5.3 (alpine 3.24.1) (alpine)
低危漏洞:0 中危漏洞:0 高危漏洞:0 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
Java (jar)
低危漏洞:8 中危漏洞:11 高危漏洞:7 严重漏洞:3
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
org.apache.derby:derby CVE-2022-46337 严重 10.14.2.0 10.14.2.1, 10.16.1.2, 10.15.2.1 A cleverly devised username might bypass LDAP authentication checks. I ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-46337

镜像层: sha256:da249eeda6f156faccbf0bb5703725c9f9f98134268e820de40f7dabe92c50ea

发布日期: 2023-11-20 09:15 修改: 2026-06-17 05:11

org.springframework.security:spring-security-web CVE-2026-22732 严重 5.8.16 6.5.9, 7.0.4 Spring Security: Spring Security: Security policy bypass and information disclosure due to unwritten HTTP headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22732

镜像层: sha256:da249eeda6f156faccbf0bb5703725c9f9f98134268e820de40f7dabe92c50ea

发布日期: 2026-03-19 23:16 修改: 2026-06-17 10:20

org.springframework:spring-web CVE-2016-1000027 严重 5.3.39 6.0.0 spring: HttpInvokerServiceExporter readRemoteInvocation method untrusted java deserialization

漏洞详情: https://avd.aquasec.com/nvd/cve-2016-1000027

镜像层: sha256:da249eeda6f156faccbf0bb5703725c9f9f98134268e820de40f7dabe92c50ea

发布日期: 2020-01-02 23:15 修改: 2024-11-21 02:42

org.springframework.boot:spring-boot CVE-2026-40973 高危 2.7.18 4.0.6, 3.5.14 Spring Boot: Spring Boot: Arbitrary Code Execution and Session Hijacking via predictable temporary directory

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40973

镜像层: sha256:da249eeda6f156faccbf0bb5703725c9f9f98134268e820de40f7dabe92c50ea

发布日期: 2026-04-28 00:16 修改: 2026-06-17 10:45

org.springframework.security:spring-security-crypto CVE-2025-22228 高危 5.8.16 6.3.8, 6.4.4, 6.2.10, 6.1.14, 6.0.16, 5.8.18, 5.7.16 spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22228

镜像层: sha256:da249eeda6f156faccbf0bb5703725c9f9f98134268e820de40f7dabe92c50ea

发布日期: 2025-03-20 06:15 修改: 2026-06-17 08:45

com.alipay.sofa:hessian CVE-2024-46983 高危 3.3.6 3.5.5 SOFA Hessian Remote Command Execution (RCE) Vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-46983

镜像层: sha256:da249eeda6f156faccbf0bb5703725c9f9f98134268e820de40f7dabe92c50ea

发布日期: 2024-09-19 23:15 修改: 2026-06-17 07:56

org.springframework:spring-core CVE-2025-41249 高危 5.3.39 6.2.11 org.springframework/spring-core: Spring Framework Annotation Detection Vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-41249

镜像层: sha256:da249eeda6f156faccbf0bb5703725c9f9f98134268e820de40f7dabe92c50ea

发布日期: 2025-09-16 11:15 修改: 2026-06-17 09:22

org.springframework.boot:spring-boot CVE-2025-22235 高危 2.7.18 3.3.11, 3.4.5 org.springframework.boot/spring-boot: Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22235

镜像层: sha256:da249eeda6f156faccbf0bb5703725c9f9f98134268e820de40f7dabe92c50ea

发布日期: 2025-04-28 08:15 修改: 2026-06-17 08:45

org.springframework:spring-webmvc CVE-2024-38816 高危 5.3.39 6.1.13 spring-webmvc: Path Traversal Vulnerability in Spring Applications Using RouterFunctions and FileSystemResource

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38816

镜像层: sha256:da249eeda6f156faccbf0bb5703725c9f9f98134268e820de40f7dabe92c50ea

发布日期: 2024-09-13 06:15 修改: 2026-06-17 07:41

org.springframework:spring-webmvc CVE-2024-38819 高危 5.3.39 6.1.14 org.springframework:spring-webmvc: Path traversal vulnerability in functional web frameworks

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38819

镜像层: sha256:da249eeda6f156faccbf0bb5703725c9f9f98134268e820de40f7dabe92c50ea

发布日期: 2024-12-19 18:15 修改: 2026-06-17 07:41

org.springframework.security:spring-security-web CVE-2026-47838 中危 5.8.16 6.5.11 Spring Security Vulnerable to Unauthorized User Impersonation when Using X.509 Client Certificates

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47838

镜像层: sha256:da249eeda6f156faccbf0bb5703725c9f9f98134268e820de40f7dabe92c50ea

发布日期: 2026-06-10 00:16 修改: 2026-06-30 22:16

org.springframework:spring-context CVE-2024-38820 中危 5.3.39 6.1.14 The fix for CVE-2022-22968 made disallowedFieldspatterns in DataBinder ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38820

镜像层: sha256:da249eeda6f156faccbf0bb5703725c9f9f98134268e820de40f7dabe92c50ea

发布日期: 2024-10-18 06:15 修改: 2026-06-17 07:41

commons-lang:commons-lang CVE-2025-48924 中危 2.6 commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48924

镜像层: sha256:da249eeda6f156faccbf0bb5703725c9f9f98134268e820de40f7dabe92c50ea

发布日期: 2025-07-11 15:15 修改: 2026-06-17 09:30

org.springframework.ldap:spring-ldap-core CVE-2024-38829 中危 2.4.1 3.2.8, 2.4.4 spring-ldap: Spring LDAP sensitive data exposure for case-sensitive comparisons

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38829

镜像层: sha256:da249eeda6f156faccbf0bb5703725c9f9f98134268e820de40f7dabe92c50ea

发布日期: 2024-12-04 21:15 修改: 2026-06-17 07:41

org.springframework:spring-web CVE-2024-38820 中危 5.3.39 6.1.14 The fix for CVE-2022-22968 made disallowedFieldspatterns in DataBinder ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38820

镜像层: sha256:da249eeda6f156faccbf0bb5703725c9f9f98134268e820de40f7dabe92c50ea

发布日期: 2024-10-18 06:15 修改: 2026-06-17 07:41

ch.qos.logback:logback-core CVE-2025-11226 中危 1.2.13 1.5.19, 1.3.16 ch.qos.logback/logback-core: Conditional abitrary code execution in logback-core

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-11226

镜像层: sha256:da249eeda6f156faccbf0bb5703725c9f9f98134268e820de40f7dabe92c50ea

发布日期: 2025-10-01 08:15 修改: 2026-06-25 17:16

ch.qos.logback:logback-core CVE-2024-12798 中危 1.2.13 1.5.13, 1.3.15 logback-core: arbitrary code execution via JaninoEventEvaluator

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12798

镜像层: sha256:da249eeda6f156faccbf0bb5703725c9f9f98134268e820de40f7dabe92c50ea

发布日期: 2024-12-19 16:15 修改: 2026-06-17 07:00

org.springframework:spring-webmvc CVE-2024-38828 中危 5.3.39 5.3.42 org.springframework:spring-webmvc: DoS via Spring MVC controller method with byte[] parameter

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38828

镜像层: sha256:da249eeda6f156faccbf0bb5703725c9f9f98134268e820de40f7dabe92c50ea

发布日期: 2024-11-18 04:15 修改: 2026-06-17 07:41

org.springframework:spring-webmvc CVE-2025-41242 中危 5.3.39 6.2.10 org.springframework/spring-webmvc: Spring Framework MVC path traversal vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-41242

镜像层: sha256:da249eeda6f156faccbf0bb5703725c9f9f98134268e820de40f7dabe92c50ea

发布日期: 2025-08-18 09:15 修改: 2026-06-17 09:22

org.springframework:spring-webmvc CVE-2026-22737 中危 5.3.39 7.0.6, 6.2.17 Spring Framework: Spring Framework: Information disclosure via Java scripting engine enabled template views

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22737

镜像层: sha256:da249eeda6f156faccbf0bb5703725c9f9f98134268e820de40f7dabe92c50ea

发布日期: 2026-03-20 00:16 修改: 2026-06-17 10:20

org.springframework:spring-webmvc CVE-2026-22745 中危 5.3.39 7.0.7, 6.2.18 spring-webflux: Spring MVC and Spring WebFlux: Denial of Service via slow static resource resolution on Windows

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22745

镜像层: sha256:da249eeda6f156faccbf0bb5703725c9f9f98134268e820de40f7dabe92c50ea

发布日期: 2026-04-29 12:16 修改: 2026-06-17 10:20

ch.qos.logback:logback-core CVE-2024-12801 低危 1.2.13 1.5.13, 1.3.15 logback-core: SaxEventRecorder vulnerable to Server-Side Request Forgery (SSRF) attacks

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12801

镜像层: sha256:da249eeda6f156faccbf0bb5703725c9f9f98134268e820de40f7dabe92c50ea

发布日期: 2024-12-19 17:15 修改: 2026-06-17 07:00

ch.qos.logback:logback-core CVE-2026-10532 低危 1.2.13 1.5.34 Deserialization of untrusted data vulnerability in QOS.CH Sarl logback ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-10532

镜像层: sha256:da249eeda6f156faccbf0bb5703725c9f9f98134268e820de40f7dabe92c50ea

发布日期: 2026-06-01 13:16 修改: 2026-06-17 10:12

org.springframework:spring-context CVE-2025-22233 低危 5.3.39 6.2.7, 6.1.20 CVE-2024-38820 ensured Locale-independent, lowercase conversion for bo ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22233

镜像层: sha256:da249eeda6f156faccbf0bb5703725c9f9f98134268e820de40f7dabe92c50ea

发布日期: 2025-05-16 20:15 修改: 2026-06-17 08:45

org.springframework.security:spring-security-core CVE-2026-22746 低危 5.8.16 6.5.10, 7.0.5 Spring Security: Spring Security: Timing attack defense bypass allows information disclosure

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22746

镜像层: sha256:da249eeda6f156faccbf0bb5703725c9f9f98134268e820de40f7dabe92c50ea

发布日期: 2026-04-22 06:16 修改: 2026-06-17 10:20

ch.qos.logback:logback-core CVE-2026-1225 低危 1.2.13 1.5.25 ch.qos.logback/logback-core: Malicious logback.xml configuration file allows instantiation of arbitrary classes

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1225

镜像层: sha256:da249eeda6f156faccbf0bb5703725c9f9f98134268e820de40f7dabe92c50ea

发布日期: 2026-01-22 10:16 修改: 2026-06-17 10:15

ch.qos.logback:logback-core CVE-2026-9828 低危 1.2.13 1.5.33 Deserialization of untrusted data vulnerability in QOS.CH Sarl logback ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9828

镜像层: sha256:da249eeda6f156faccbf0bb5703725c9f9f98134268e820de40f7dabe92c50ea

发布日期: 2026-05-28 14:16 修改: 2026-06-17 11:05

org.springframework:spring-webmvc CVE-2026-22735 低危 5.3.39 7.0.6, 6.2.17 org.springframework/spring-webmvc: org.springframework/spring-webflux: Spring MVC and WebFlux: Stream corruption vulnerability when using Server-Sent Events

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22735

镜像层: sha256:da249eeda6f156faccbf0bb5703725c9f9f98134268e820de40f7dabe92c50ea

发布日期: 2026-03-20 00:16 修改: 2026-06-17 10:20

org.springframework:spring-webmvc CVE-2026-22741 低危 5.3.39 7.0.7, 6.2.18 Spring MVC: Spring WebFlux: Spring MVC and Spring WebFlux: Denial of Service via cache poisoning

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22741

镜像层: sha256:da249eeda6f156faccbf0bb5703725c9f9f98134268e820de40f7dabe92c50ea

发布日期: 2026-04-29 12:16 修改: 2026-06-17 10:20

检测到您正在使用广告拦截插件,本站为公益站点,依赖广告维持运转 🙏 查看如何关闭 ×