docker.io/pixman/pixman:v1.8.2 linux/amd64

docker.io/pixman/pixman:v1.8.2 - Trivy安全扫描结果扫描时间: 2025-02-06 11:09

全部漏洞信息

低危漏洞:3

中危漏洞:9

高危漏洞:2

严重漏洞:0

系统OS: alpine 3.20.3 扫描引擎: Trivy 扫描时间: 2025-02-06 11:09

docker.io/pixman/pixman:v1.8.2 (alpine 3.20.3) (alpine)

低危漏洞:2

中危漏洞:1

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
libexpat	CVE-2024-50602	中危	2.6.3-r0	2.6.4-r0	libexpat: expat: DoS via XML_ResumeParser 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-50602 镜像层: sha256:6b49371d7ed7d853c1e30139f48ee92575f78614505d66940d6161d4e199ce13 发布日期: 2024-10-27 05:15 修改: 2024-10-30 18:35
libcrypto3	CVE-2024-9143	低危	3.3.2-r0	3.3.2-r1	openssl: Low-level invalid GF(2^m) parameters lead to OOB memory access 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9143 镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85 发布日期: 2024-10-16 17:15 修改: 2024-11-08 16:35
libssl3	CVE-2024-9143	低危	3.3.2-r0	3.3.2-r1	openssl: Low-level invalid GF(2^m) parameters lead to OOB memory access 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9143 镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85 发布日期: 2024-10-16 17:15 修改: 2024-11-08 16:35

软件包

漏洞

安全状态

安装版本

修复版本

漏洞信息

libexpat

CVE-2024-50602

中危

2.6.3-r0

2.6.4-r0

libexpat: expat: DoS via XML_ResumeParser

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-50602

镜像层: sha256:6b49371d7ed7d853c1e30139f48ee92575f78614505d66940d6161d4e199ce13

发布日期: 2024-10-27 05:15 修改: 2024-10-30 18:35

libcrypto3

CVE-2024-9143

低危

3.3.2-r0

3.3.2-r1

openssl: Low-level invalid GF(2^m) parameters lead to OOB memory access

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9143

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2024-10-16 17:15 修改: 2024-11-08 16:35

libssl3

CVE-2024-9143

低危

3.3.2-r0

3.3.2-r1

openssl: Low-level invalid GF(2^m) parameters lead to OOB memory access

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9143

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2024-10-16 17:15 修改: 2024-11-08 16:35

Python (python-pkg)

低危漏洞:1

中危漏洞:8

高危漏洞:2

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
setuptools	CVE-2022-40897	高危	57.5.0	65.5.1	pypa-setuptools: Regular Expression Denial of Service (ReDoS) in package_index.py 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-40897 镜像层: sha256:6b49371d7ed7d853c1e30139f48ee92575f78614505d66940d6161d4e199ce13 发布日期: 2022-12-23 00:15 修改: 2024-10-29 15:35
setuptools	CVE-2024-6345	高危	57.5.0	70.0.0	pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6345 镜像层: sha256:6b49371d7ed7d853c1e30139f48ee92575f78614505d66940d6161d4e199ce13 发布日期: 2024-07-15 01:15 修改: 2024-07-15 13:00
Werkzeug	CVE-2024-49766	中危	3.0.3	3.0.6	werkzeug: python-werkzeug: Werkzeug safe_join not safe on Windows 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-49766 镜像层: sha256:cf32a373ade57dcda82693a9b8561100becdfabe8a61065fe7942feaf94caeaa 发布日期: 2024-10-25 20:15 修改: 2024-10-28 13:58
Werkzeug	CVE-2024-49767	中危	3.0.3	3.0.6	werkzeug: python-werkzeug: Werkzeug possible resource exhaustion when parsing file data in forms 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-49767 镜像层: sha256:cf32a373ade57dcda82693a9b8561100becdfabe8a61065fe7942feaf94caeaa 发布日期: 2024-10-25 20:15 修改: 2025-01-03 12:15
pip	CVE-2023-5752	中危	23.0.1	23.3	pip: Mercurial configuration injectable in repo revision when installing via pip 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-5752 镜像层: sha256:6b49371d7ed7d853c1e30139f48ee92575f78614505d66940d6161d4e199ce13 发布日期: 2023-10-25 18:17 修改: 2024-06-10 18:15
requests	CVE-2023-32681	中危	2.29.0	2.31.0	python-requests: Unintended leak of Proxy-Authorization header 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-32681 镜像层: sha256:cf32a373ade57dcda82693a9b8561100becdfabe8a61065fe7942feaf94caeaa 发布日期: 2023-05-26 18:15 修改: 2023-09-17 09:15
requests	CVE-2024-35195	中危	2.29.0	2.32.0	requests: subsequent requests to the same host ignore cert verification 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-35195 镜像层: sha256:cf32a373ade57dcda82693a9b8561100becdfabe8a61065fe7942feaf94caeaa 发布日期: 2024-05-20 21:15 修改: 2024-06-10 17:16
Jinja2	CVE-2024-56201	中危	3.1.4	3.1.5	jinja2: Jinja has a sandbox breakout through malicious filenames 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-56201 镜像层: sha256:cf32a373ade57dcda82693a9b8561100becdfabe8a61065fe7942feaf94caeaa 发布日期: 2024-12-23 16:15 修改: 2025-01-08 16:15
Jinja2	CVE-2024-56326	中危	3.1.4	3.1.5	jinja2: Jinja has a sandbox breakout through indirect reference to format method 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-56326 镜像层: sha256:cf32a373ade57dcda82693a9b8561100becdfabe8a61065fe7942feaf94caeaa 发布日期: 2024-12-23 16:15 修改: 2024-12-27 18:15
urllib3	CVE-2024-37891	中危	1.26.18	1.26.19, 2.2.2	urllib3: proxy-authorization request header is not stripped during cross-origin redirects 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37891 镜像层: sha256:cf32a373ade57dcda82693a9b8561100becdfabe8a61065fe7942feaf94caeaa 发布日期: 2024-06-17 20:15 修改: 2024-06-20 12:44
certifi	CVE-2024-39689	低危	2024.2.2	2024.07.04	python-certifi: Remove root certificates from `GLOBALTRUST` from the root store 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-39689 镜像层: sha256:cf32a373ade57dcda82693a9b8561100becdfabe8a61065fe7942feaf94caeaa 发布日期: 2024-07-05 19:15 修改: 2024-12-06 14:15