docker.io/python:3.9.19-alpine - Trivy镜像安全扫描结果

全部漏洞信息

低危漏洞:2

中危漏洞:2

高危漏洞:2

严重漏洞:0

系统OS: alpine 3.20.3 扫描引擎: Trivy 扫描时间: 2025-01-08 19:47

docker.io/python:3.9.19-alpine (alpine 3.20.3) (alpine)

低危漏洞:2

中危漏洞:1

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
libexpat	CVE-2024-50602	中危	2.6.3-r0	2.6.4-r0	libexpat: expat: DoS via XML_ResumeParser 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-50602 镜像层: sha256:e5964358721827ff3356da88667da18a97f5bdc2cdfdcc3cbac13ae5cfd04559 发布日期: 2024-10-27 05:15 修改: 2024-10-30 18:35
libcrypto3	CVE-2024-9143	低危	3.3.2-r0	3.3.2-r1	openssl: Low-level invalid GF(2^m) parameters lead to OOB memory access 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9143 镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85 发布日期: 2024-10-16 17:15 修改: 2024-11-08 16:35
libssl3	CVE-2024-9143	低危	3.3.2-r0	3.3.2-r1	openssl: Low-level invalid GF(2^m) parameters lead to OOB memory access 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9143 镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85 发布日期: 2024-10-16 17:15 修改: 2024-11-08 16:35

软件包

漏洞

安全状态

安装版本

修复版本

漏洞信息

libexpat

CVE-2024-50602

中危

2.6.3-r0

2.6.4-r0

libexpat: expat: DoS via XML_ResumeParser

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-50602

镜像层: sha256:e5964358721827ff3356da88667da18a97f5bdc2cdfdcc3cbac13ae5cfd04559

发布日期: 2024-10-27 05:15 修改: 2024-10-30 18:35

libcrypto3

CVE-2024-9143

低危

3.3.2-r0

3.3.2-r1

openssl: Low-level invalid GF(2^m) parameters lead to OOB memory access

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9143

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2024-10-16 17:15 修改: 2024-11-08 16:35

libssl3

CVE-2024-9143

低危

3.3.2-r0

3.3.2-r1

openssl: Low-level invalid GF(2^m) parameters lead to OOB memory access

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9143

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2024-10-16 17:15 修改: 2024-11-08 16:35

Python (python-pkg)

低危漏洞:0

中危漏洞:1

高危漏洞:2

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
setuptools	CVE-2022-40897	高危	58.1.0	65.5.1	pypa-setuptools: Regular Expression Denial of Service (ReDoS) in package_index.py 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-40897 镜像层: sha256:324a63d693e73e0c9312204c4b2ec2ab259278cb461870f2255a329fd2a4f4d1 发布日期: 2022-12-23 00:15 修改: 2024-10-29 15:35
setuptools	CVE-2024-6345	高危	58.1.0	70.0.0	pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6345 镜像层: sha256:324a63d693e73e0c9312204c4b2ec2ab259278cb461870f2255a329fd2a4f4d1 发布日期: 2024-07-15 01:15 修改: 2024-07-15 13:00
pip	CVE-2023-5752	中危	23.0.1	23.3	pip: Mercurial configuration injectable in repo revision when installing via pip 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-5752 镜像层: sha256:324a63d693e73e0c9312204c4b2ec2ab259278cb461870f2255a329fd2a4f4d1 发布日期: 2023-10-25 18:17 修改: 2024-06-10 18:15

软件包

漏洞

安全状态

安装版本

修复版本

漏洞信息

setuptools

CVE-2022-40897

高危

58.1.0

65.5.1

pypa-setuptools: Regular Expression Denial of Service (ReDoS) in package_index.py