docker.io/nocodb/nocodb:0.257.2 - Trivy镜像安全扫描结果

全部漏洞信息

低危漏洞:3

中危漏洞:8

高危漏洞:1

严重漏洞:0

系统OS: alpine 3.19.4 扫描引擎: Trivy 扫描时间: 2024-10-24 14:08

docker.io/nocodb/nocodb:0.257.2 (alpine 3.19.4) (alpine)

低危漏洞:2

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
libcrypto3	CVE-2024-9143	低危	3.1.7-r0	3.1.7-r1	openssl: Low-level invalid GF(2^m) parameters lead to OOB memory access 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9143 镜像层: sha256:94b0f5987cb71badf41e0e98ad0305e7ae36e2f5a4c92c26f6a7b42eb2303ba2 发布日期: 2024-10-16 17:15 修改: 2024-10-18 12:53
libssl3	CVE-2024-9143	低危	3.1.7-r0	3.1.7-r1	openssl: Low-level invalid GF(2^m) parameters lead to OOB memory access 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9143 镜像层: sha256:94b0f5987cb71badf41e0e98ad0305e7ae36e2f5a4c92c26f6a7b42eb2303ba2 发布日期: 2024-10-16 17:15 修改: 2024-10-18 12:53

软件包

漏洞

安全状态

安装版本

修复版本

漏洞信息

libcrypto3

CVE-2024-9143

低危

3.1.7-r0

3.1.7-r1

openssl: Low-level invalid GF(2^m) parameters lead to OOB memory access

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9143

镜像层: sha256:94b0f5987cb71badf41e0e98ad0305e7ae36e2f5a4c92c26f6a7b42eb2303ba2

发布日期: 2024-10-16 17:15 修改: 2024-10-18 12:53

libssl3

CVE-2024-9143

低危

3.1.7-r0

3.1.7-r1

openssl: Low-level invalid GF(2^m) parameters lead to OOB memory access

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9143

镜像层: sha256:94b0f5987cb71badf41e0e98ad0305e7ae36e2f5a4c92c26f6a7b42eb2303ba2

发布日期: 2024-10-16 17:15 修改: 2024-10-18 12:53

Node.js (node-pkg)

低危漏洞:1

中危漏洞:6

高危漏洞:1

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
ws	CVE-2024-37890	高危	8.14.2	5.2.4, 6.2.3, 7.5.10, 8.17.1	nodejs-ws: denial of service when handling a request with many HTTP headers 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37890 镜像层: sha256:81cdf0dd68eae3cca201bf60533f00625de8fcfb97e657a86db607d6c6882dbd 发布日期: 2024-06-17 20:15 修改: 2024-06-20 12:44
request	CVE-2023-28155	中危	2.88.0		The Request package through 2.88.1 for Node.js allows a bypass of SSRF ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-28155 镜像层: sha256:81cdf0dd68eae3cca201bf60533f00625de8fcfb97e657a86db607d6c6882dbd 发布日期: 2023-03-16 15:15 修改: 2024-08-02 13:15
request	CVE-2023-28155	中危	2.88.2		The Request package through 2.88.1 for Node.js allows a bypass of SSRF ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-28155 镜像层: sha256:81cdf0dd68eae3cca201bf60533f00625de8fcfb97e657a86db607d6c6882dbd 发布日期: 2023-03-16 15:15 修改: 2024-08-02 13:15
tough-cookie	CVE-2023-26136	中危	2.4.3	4.1.3	tough-cookie: prototype pollution in cookie memstore 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-26136 镜像层: sha256:81cdf0dd68eae3cca201bf60533f00625de8fcfb97e657a86db607d6c6882dbd 发布日期: 2023-07-01 05:15 修改: 2024-06-21 19:15
tough-cookie	CVE-2023-26136	中危	2.5.0	4.1.3	tough-cookie: prototype pollution in cookie memstore 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-26136 镜像层: sha256:81cdf0dd68eae3cca201bf60533f00625de8fcfb97e657a86db607d6c6882dbd 发布日期: 2023-07-01 05:15 修改: 2024-06-21 19:15
@azure/identity	CVE-2024-35255	中危	3.4.2	4.2.1	azure-identity: Azure Identity Libraries Elevation of Privilege Vulnerability in github.com/Azure/azure-sdk-for-go/sdk/azidentity 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-35255 镜像层: sha256:81cdf0dd68eae3cca201bf60533f00625de8fcfb97e657a86db607d6c6882dbd 发布日期: 2024-06-11 17:16 修改: 2024-06-20 16:31
xml2js	CVE-2023-0842	中危	0.1.14	0.5.0	node-xml2js: xml2js is vulnerable to prototype pollution 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-0842 镜像层: sha256:81cdf0dd68eae3cca201bf60533f00625de8fcfb97e657a86db607d6c6882dbd 发布日期: 2023-04-05 20:15 修改: 2024-03-14 21:15
cookie	CVE-2024-47764	低危	0.4.2	0.7.0	cookie: cookie accepts cookie name, path, and domain with out of bounds characters 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47764 镜像层: sha256:81cdf0dd68eae3cca201bf60533f00625de8fcfb97e657a86db607d6c6882dbd 发布日期: 2024-10-04 20:15 修改: 2024-10-07 17:48

usr/local/bin/litestream (gobinary)

低危漏洞:0

中危漏洞:2

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
golang.org/x/net	CVE-2023-45288	中危	v0.19.0	0.23.0	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:7e3b9f517ac75ef016e6eb3cd8bbd39b7b33acf5733d3a227c07c4198569c078 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
google.golang.org/protobuf	CVE-2024-24786	中危	v1.31.0	1.33.0	golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786 镜像层: sha256:7e3b9f517ac75ef016e6eb3cd8bbd39b7b33acf5733d3a227c07c4198569c078 发布日期: 2024-03-05 23:15 修改: 2024-06-10 18:15

软件包

漏洞

安全状态

安装版本

修复版本

漏洞信息

golang.org/x/net

CVE-2023-45288

中危

v0.19.0

0.23.0

golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288

镜像层: sha256:7e3b9f517ac75ef016e6eb3cd8bbd39b7b33acf5733d3a227c07c4198569c078

发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35

google.golang.org/protobuf

CVE-2024-24786

中危

v1.31.0

1.33.0

golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786

镜像层: sha256:7e3b9f517ac75ef016e6eb3cd8bbd39b7b33acf5733d3a227c07c4198569c078

发布日期: 2024-03-05 23:15 修改: 2024-06-10 18:15

/usr/src/app/docker/main.js ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

docker.io/nocodb/nocodb:0.257.2 linux/amd64

全部漏洞信息

docker.io/nocodb/nocodb:0.257.2 (alpine 3.19.4) (alpine)

Node.js (node-pkg)

usr/local/bin/litestream (gobinary)

/usr/src/app/docker/main.js ()