docker.io/sameersbn/gitlab:15.11.10 linux/amd64

docker.io/sameersbn/gitlab:15.11.10 - Trivy安全扫描结果扫描时间: 2025-02-13 11:42

全部漏洞信息

低危漏洞:124

中危漏洞:564

高危漏洞:158

严重漏洞:32

系统OS: ubuntu 20.04 扫描引擎: Trivy 扫描时间: 2025-02-13 11:42

docker.io/sameersbn/gitlab:15.11.10 (ubuntu 20.04) (ubuntu)

低危漏洞:106

中危漏洞:176

高危漏洞:1

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
libnghttp2-14	CVE-2023-44487	高危	1.40.0-1ubuntu0.1	1.40.0-1ubuntu0.2	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-10-10 14:15 修改: 2024-12-20 17:40
curl	CVE-2023-46218	中危	7.68.0-1ubuntu2.18	7.68.0-1ubuntu2.21	curl: information disclosure by exploiting a mixed case flaw 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-46218 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-12-07 01:15 修改: 2024-01-25 14:15
curl	CVE-2024-2398	中危	7.68.0-1ubuntu2.18	7.68.0-1ubuntu2.22	curl: HTTP/2 push headers memory-leak 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2398 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-03-27 08:15 修改: 2024-07-30 02:15
curl	CVE-2024-7264	中危	7.68.0-1ubuntu2.18	7.68.0-1ubuntu2.23	curl: libcurl: ASN.1 date parser overread 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7264 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-07-31 08:15 修改: 2024-10-30 20:35
curl	CVE-2024-8096	中危	7.68.0-1ubuntu2.18	7.68.0-1ubuntu2.24	curl: OCSP stapling bypass with GnuTLS 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-8096 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-09-11 10:15 修改: 2024-09-11 16:26
fdisk	CVE-2024-28085	中危	2.34-0.1ubuntu9.4	2.34-0.1ubuntu9.5	util-linux: CVE-2024-28085: wall: escape sequence injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28085 镜像层: sha256:ea4a8e02c19d3109db71970f3ba902ff4a4c2b1e7f6c3054947e0d6e3dca38ce 发布日期: 2024-03-27 19:15 修改: 2024-08-26 21:35
libblkid1	CVE-2024-28085	中危	2.34-0.1ubuntu9.4	2.34-0.1ubuntu9.5	util-linux: CVE-2024-28085: wall: escape sequence injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28085 镜像层: sha256:ea4a8e02c19d3109db71970f3ba902ff4a4c2b1e7f6c3054947e0d6e3dca38ce 发布日期: 2024-03-27 19:15 修改: 2024-08-26 21:35
libc-bin	CVE-2024-2961	中危	2.31-0ubuntu9.9	2.31-0ubuntu9.15	glibc: Out of bounds write in iconv may lead to remote code execution 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2961 镜像层: sha256:ec66d8cea54a2f4dfbbd8342ce082503bf8541e996a800c0d724b8dd2fea7f6a 发布日期: 2024-04-17 18:15 修改: 2024-07-22 18:15
libc-bin	CVE-2024-33599	中危	2.31-0ubuntu9.9	2.31-0ubuntu9.16	glibc: stack-based buffer overflow in netgroup cache 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33599 镜像层: sha256:ec66d8cea54a2f4dfbbd8342ce082503bf8541e996a800c0d724b8dd2fea7f6a 发布日期: 2024-05-06 20:15 修改: 2024-07-22 18:15
libc-bin	CVE-2024-33600	中危	2.31-0ubuntu9.9	2.31-0ubuntu9.16	glibc: null pointer dereferences after failed netgroup cache insertion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33600 镜像层: sha256:ec66d8cea54a2f4dfbbd8342ce082503bf8541e996a800c0d724b8dd2fea7f6a 发布日期: 2024-05-06 20:15 修改: 2024-07-22 18:15
libc-bin	CVE-2024-33601	中危	2.31-0ubuntu9.9	2.31-0ubuntu9.16	glibc: netgroup cache may terminate daemon on memory allocation failure 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33601 镜像层: sha256:ec66d8cea54a2f4dfbbd8342ce082503bf8541e996a800c0d724b8dd2fea7f6a 发布日期: 2024-05-06 20:15 修改: 2024-07-22 18:15
libc-bin	CVE-2024-33602	中危	2.31-0ubuntu9.9	2.31-0ubuntu9.16	glibc: netgroup cache assumes NSS callback uses in-buffer strings 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33602 镜像层: sha256:ec66d8cea54a2f4dfbbd8342ce082503bf8541e996a800c0d724b8dd2fea7f6a 发布日期: 2024-05-06 20:15 修改: 2024-07-22 18:15
libc6	CVE-2024-2961	中危	2.31-0ubuntu9.9	2.31-0ubuntu9.15	glibc: Out of bounds write in iconv may lead to remote code execution 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2961 镜像层: sha256:ec66d8cea54a2f4dfbbd8342ce082503bf8541e996a800c0d724b8dd2fea7f6a 发布日期: 2024-04-17 18:15 修改: 2024-07-22 18:15
libc6	CVE-2024-33599	中危	2.31-0ubuntu9.9	2.31-0ubuntu9.16	glibc: stack-based buffer overflow in netgroup cache 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33599 镜像层: sha256:ec66d8cea54a2f4dfbbd8342ce082503bf8541e996a800c0d724b8dd2fea7f6a 发布日期: 2024-05-06 20:15 修改: 2024-07-22 18:15
libc6	CVE-2024-33600	中危	2.31-0ubuntu9.9	2.31-0ubuntu9.16	glibc: null pointer dereferences after failed netgroup cache insertion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33600 镜像层: sha256:ec66d8cea54a2f4dfbbd8342ce082503bf8541e996a800c0d724b8dd2fea7f6a 发布日期: 2024-05-06 20:15 修改: 2024-07-22 18:15
libc6	CVE-2024-33601	中危	2.31-0ubuntu9.9	2.31-0ubuntu9.16	glibc: netgroup cache may terminate daemon on memory allocation failure 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33601 镜像层: sha256:ec66d8cea54a2f4dfbbd8342ce082503bf8541e996a800c0d724b8dd2fea7f6a 发布日期: 2024-05-06 20:15 修改: 2024-07-22 18:15
libc6	CVE-2024-33602	中危	2.31-0ubuntu9.9	2.31-0ubuntu9.16	glibc: netgroup cache assumes NSS callback uses in-buffer strings 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33602 镜像层: sha256:ec66d8cea54a2f4dfbbd8342ce082503bf8541e996a800c0d724b8dd2fea7f6a 发布日期: 2024-05-06 20:15 修改: 2024-07-22 18:15
libcurl4	CVE-2023-46218	中危	7.68.0-1ubuntu2.18	7.68.0-1ubuntu2.21	curl: information disclosure by exploiting a mixed case flaw 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-46218 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-12-07 01:15 修改: 2024-01-25 14:15
libcurl4	CVE-2024-2398	中危	7.68.0-1ubuntu2.18	7.68.0-1ubuntu2.22	curl: HTTP/2 push headers memory-leak 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2398 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-03-27 08:15 修改: 2024-07-30 02:15
libcurl4	CVE-2024-7264	中危	7.68.0-1ubuntu2.18	7.68.0-1ubuntu2.23	curl: libcurl: ASN.1 date parser overread 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7264 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-07-31 08:15 修改: 2024-10-30 20:35
libcurl4	CVE-2024-8096	中危	7.68.0-1ubuntu2.18	7.68.0-1ubuntu2.24	curl: OCSP stapling bypass with GnuTLS 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-8096 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-09-11 10:15 修改: 2024-09-11 16:26
libelf1	CVE-2020-21047	中危	0.176-1.1build1	0.176-1.1ubuntu0.1	The libcpu component which is used by libasm of elfutils version 0.177 ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-21047 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-08-22 19:16 修改: 2023-11-07 03:19
libexpat1	CVE-2024-45490	中危	2.2.9-1ubuntu0.6	2.2.9-1ubuntu0.7	libexpat: Negative Length Parsing Vulnerability in libexpat 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45490 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-08-30 03:15 修改: 2024-10-18 12:24
libexpat1	CVE-2024-45491	中危	2.2.9-1ubuntu0.6	2.2.9-1ubuntu0.7	libexpat: Integer Overflow or Wraparound 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45491 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-08-30 03:15 修改: 2024-09-04 14:28
libexpat1	CVE-2024-45492	中危	2.2.9-1ubuntu0.6	2.2.9-1ubuntu0.7	libexpat: integer overflow 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45492 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-08-30 03:15 修改: 2024-09-04 14:28
libexpat1	CVE-2024-50602	中危	2.2.9-1ubuntu0.6	2.2.9-1ubuntu0.8	libexpat: expat: DoS via XML_ResumeParser 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-50602 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-10-27 05:15 修改: 2024-10-30 18:35
libfdisk1	CVE-2024-28085	中危	2.34-0.1ubuntu9.4	2.34-0.1ubuntu9.5	util-linux: CVE-2024-28085: wall: escape sequence injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28085 镜像层: sha256:ea4a8e02c19d3109db71970f3ba902ff4a4c2b1e7f6c3054947e0d6e3dca38ce 发布日期: 2024-03-27 19:15 修改: 2024-08-26 21:35
libfreetype6	CVE-2025-23022	中危	2.10.1-2ubuntu0.3		freetype: signed integer overflow in cf2_doFlex 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-23022 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2025-01-10 15:15 修改: 2025-01-16 21:12
libgnutls30	CVE-2023-5981	中危	3.6.13-2ubuntu1.8	3.6.13-2ubuntu1.9	gnutls: timing side-channel in the RSA-PSK authentication 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-5981 镜像层: sha256:ec66d8cea54a2f4dfbbd8342ce082503bf8541e996a800c0d724b8dd2fea7f6a 发布日期: 2023-11-28 12:15 修改: 2024-09-16 13:15
libgnutls30	CVE-2024-0553	中危	3.6.13-2ubuntu1.8	3.6.13-2ubuntu1.10	gnutls: incomplete fix for CVE-2023-5981 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0553 镜像层: sha256:ec66d8cea54a2f4dfbbd8342ce082503bf8541e996a800c0d724b8dd2fea7f6a 发布日期: 2024-01-16 12:15 修改: 2024-09-16 13:15
libgnutls30	CVE-2024-28834	中危	3.6.13-2ubuntu1.8	3.6.13-2ubuntu1.11	gnutls: vulnerable to Minerva side-channel information leak 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28834 镜像层: sha256:ec66d8cea54a2f4dfbbd8342ce082503bf8541e996a800c0d724b8dd2fea7f6a 发布日期: 2024-03-21 14:15 修改: 2024-11-21 21:15
libgssapi-krb5-2	CVE-2023-36054	中危	1.17-6ubuntu4.3	1.17-6ubuntu4.4	krb5: Denial of service through freeing uninitialized pointer 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-36054 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-08-07 19:15 修改: 2023-11-15 03:23
libgssapi-krb5-2	CVE-2024-26462	中危	1.17-6ubuntu4.3		krb5: Memory leak at /krb5/src/kdc/ndr.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26462 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-02-29 01:44 修改: 2024-05-14 15:09
libgssapi-krb5-2	CVE-2024-37370	中危	1.17-6ubuntu4.3	1.17-6ubuntu4.6	krb5: GSS message token handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37370 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-06-28 22:15 修改: 2024-08-27 17:48
libgssapi-krb5-2	CVE-2024-37371	中危	1.17-6ubuntu4.3	1.17-6ubuntu4.6	krb5: GSS message token handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37371 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-06-28 23:15 修改: 2024-09-18 12:39
libimage-exiftool-perl	CVE-2022-23935	中危	11.88-1ubuntu0.1		lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a $file =~ / ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23935 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2022-01-25 06:15 修改: 2023-08-08 14:21
libk5crypto3	CVE-2023-36054	中危	1.17-6ubuntu4.3	1.17-6ubuntu4.4	krb5: Denial of service through freeing uninitialized pointer 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-36054 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-08-07 19:15 修改: 2023-11-15 03:23
libk5crypto3	CVE-2024-26462	中危	1.17-6ubuntu4.3		krb5: Memory leak at /krb5/src/kdc/ndr.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26462 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-02-29 01:44 修改: 2024-05-14 15:09
libk5crypto3	CVE-2024-37370	中危	1.17-6ubuntu4.3	1.17-6ubuntu4.6	krb5: GSS message token handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37370 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-06-28 22:15 修改: 2024-08-27 17:48
libk5crypto3	CVE-2024-37371	中危	1.17-6ubuntu4.3	1.17-6ubuntu4.6	krb5: GSS message token handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37371 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-06-28 23:15 修改: 2024-09-18 12:39
libkrb5-3	CVE-2023-36054	中危	1.17-6ubuntu4.3	1.17-6ubuntu4.4	krb5: Denial of service through freeing uninitialized pointer 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-36054 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-08-07 19:15 修改: 2023-11-15 03:23
libkrb5-3	CVE-2024-26462	中危	1.17-6ubuntu4.3		krb5: Memory leak at /krb5/src/kdc/ndr.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26462 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-02-29 01:44 修改: 2024-05-14 15:09
libkrb5-3	CVE-2024-37370	中危	1.17-6ubuntu4.3	1.17-6ubuntu4.6	krb5: GSS message token handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37370 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-06-28 22:15 修改: 2024-08-27 17:48
libkrb5-3	CVE-2024-37371	中危	1.17-6ubuntu4.3	1.17-6ubuntu4.6	krb5: GSS message token handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37371 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-06-28 23:15 修改: 2024-09-18 12:39
libkrb5support0	CVE-2023-36054	中危	1.17-6ubuntu4.3	1.17-6ubuntu4.4	krb5: Denial of service through freeing uninitialized pointer 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-36054 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-08-07 19:15 修改: 2023-11-15 03:23
libkrb5support0	CVE-2024-26462	中危	1.17-6ubuntu4.3		krb5: Memory leak at /krb5/src/kdc/ndr.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26462 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-02-29 01:44 修改: 2024-05-14 15:09
libkrb5support0	CVE-2024-37370	中危	1.17-6ubuntu4.3	1.17-6ubuntu4.6	krb5: GSS message token handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37370 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-06-28 22:15 修改: 2024-08-27 17:48
libkrb5support0	CVE-2024-37371	中危	1.17-6ubuntu4.3	1.17-6ubuntu4.6	krb5: GSS message token handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37371 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-06-28 23:15 修改: 2024-09-18 12:39
libmount1	CVE-2024-28085	中危	2.34-0.1ubuntu9.4	2.34-0.1ubuntu9.5	util-linux: CVE-2024-28085: wall: escape sequence injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28085 镜像层: sha256:ea4a8e02c19d3109db71970f3ba902ff4a4c2b1e7f6c3054947e0d6e3dca38ce 发布日期: 2024-03-27 19:15 修改: 2024-08-26 21:35
bsdutils	CVE-2024-28085	中危	1:2.34-0.1ubuntu9.4	2.34-0.1ubuntu9.5	util-linux: CVE-2024-28085: wall: escape sequence injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28085 镜像层: sha256:ea4a8e02c19d3109db71970f3ba902ff4a4c2b1e7f6c3054947e0d6e3dca38ce 发布日期: 2024-03-27 19:15 修改: 2024-08-26 21:35
libnghttp2-14	CVE-2024-28182	中危	1.40.0-1ubuntu0.1	1.40.0-1ubuntu0.3	nghttp2: CONTINUATION frames DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28182 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-04-04 15:15 修改: 2024-05-01 18:15
libpam-modules	CVE-2024-10041	中危	1.3.1-5ubuntu4.6		pam: libpam: Libpam vulnerable to read hashed password 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-10041 镜像层: sha256:ec66d8cea54a2f4dfbbd8342ce082503bf8541e996a800c0d724b8dd2fea7f6a 发布日期: 2024-10-23 14:15 修改: 2024-12-18 10:15
libpam-modules	CVE-2024-22365	中危	1.3.1-5ubuntu4.6	1.3.1-5ubuntu4.7	pam: allowing unprivileged user to block another user namespace 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-22365 镜像层: sha256:ec66d8cea54a2f4dfbbd8342ce082503bf8541e996a800c0d724b8dd2fea7f6a 发布日期: 2024-02-06 08:15 修改: 2024-02-14 00:27
libpam-modules-bin	CVE-2024-10041	中危	1.3.1-5ubuntu4.6		pam: libpam: Libpam vulnerable to read hashed password 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-10041 镜像层: sha256:ec66d8cea54a2f4dfbbd8342ce082503bf8541e996a800c0d724b8dd2fea7f6a 发布日期: 2024-10-23 14:15 修改: 2024-12-18 10:15
libpam-modules-bin	CVE-2024-22365	中危	1.3.1-5ubuntu4.6	1.3.1-5ubuntu4.7	pam: allowing unprivileged user to block another user namespace 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-22365 镜像层: sha256:ec66d8cea54a2f4dfbbd8342ce082503bf8541e996a800c0d724b8dd2fea7f6a 发布日期: 2024-02-06 08:15 修改: 2024-02-14 00:27
libpam-runtime	CVE-2024-10041	中危	1.3.1-5ubuntu4.6		pam: libpam: Libpam vulnerable to read hashed password 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-10041 镜像层: sha256:ec66d8cea54a2f4dfbbd8342ce082503bf8541e996a800c0d724b8dd2fea7f6a 发布日期: 2024-10-23 14:15 修改: 2024-12-18 10:15
libpam-runtime	CVE-2024-22365	中危	1.3.1-5ubuntu4.6	1.3.1-5ubuntu4.7	pam: allowing unprivileged user to block another user namespace 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-22365 镜像层: sha256:ec66d8cea54a2f4dfbbd8342ce082503bf8541e996a800c0d724b8dd2fea7f6a 发布日期: 2024-02-06 08:15 修改: 2024-02-14 00:27
libpam0g	CVE-2024-10041	中危	1.3.1-5ubuntu4.6		pam: libpam: Libpam vulnerable to read hashed password 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-10041 镜像层: sha256:ec66d8cea54a2f4dfbbd8342ce082503bf8541e996a800c0d724b8dd2fea7f6a 发布日期: 2024-10-23 14:15 修改: 2024-12-18 10:15
libpam0g	CVE-2024-22365	中危	1.3.1-5ubuntu4.6	1.3.1-5ubuntu4.7	pam: allowing unprivileged user to block another user namespace 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-22365 镜像层: sha256:ec66d8cea54a2f4dfbbd8342ce082503bf8541e996a800c0d724b8dd2fea7f6a 发布日期: 2024-02-06 08:15 修改: 2024-02-14 00:27
libperl5.30	CVE-2023-47038	中危	5.30.0-9ubuntu0.4	5.30.0-9ubuntu0.5	perl: Write past buffer end via illegal user-defined Unicode property 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-47038 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-12-18 14:15 修改: 2024-09-16 16:15
libpython3.8-minimal	CVE-2023-27043	中危	3.8.10-0ubuntu1~20.04.8	3.8.10-0ubuntu1~20.04.12	python: Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-27043 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-04-19 00:15 修改: 2024-02-26 16:27
libpython3.8-minimal	CVE-2023-40217	中危	3.8.10-0ubuntu1~20.04.8	3.8.10-0ubuntu1~20.04.9	python: TLS handshake bypass 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-40217 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-08-25 01:15 修改: 2023-11-07 04:20
libpython3.8-minimal	CVE-2023-6597	中危	3.8.10-0ubuntu1~20.04.8	3.8.10-0ubuntu1~20.04.10	python: Path traversal on tempfile.TemporaryDirectory 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6597 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-03-19 16:15 修改: 2024-06-10 18:15
libpython3.8-minimal	CVE-2024-0397	中危	3.8.10-0ubuntu1~20.04.8	3.8.10-0ubuntu1~20.04.11	cpython: python: Memory race condition in ssl.SSLContext certificate store methods 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0397 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-06-17 16:15 修改: 2024-07-03 01:44
libpython3.8-minimal	CVE-2024-0450	中危	3.8.10-0ubuntu1~20.04.8	3.8.10-0ubuntu1~20.04.10	python: The zipfile module is vulnerable to zip-bombs leading to denial of service 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0450 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-03-19 16:15 修改: 2024-06-10 18:15
libpython3.8-minimal	CVE-2024-11168	中危	3.8.10-0ubuntu1~20.04.8		python: Improper validation of IPv6 and IPvFuture addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-11168 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-11-12 22:15 修改: 2025-01-06 18:15
libpython3.8-minimal	CVE-2024-6232	中危	3.8.10-0ubuntu1~20.04.8	3.8.10-0ubuntu1~20.04.12	python: cpython: tarfile: ReDos via excessive backtracking while parsing header values 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6232 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-09-03 13:15 修改: 2024-09-04 21:15
libpython3.8-minimal	CVE-2024-6923	中危	3.8.10-0ubuntu1~20.04.8	3.8.10-0ubuntu1~20.04.12	cpython: python: email module doesn't properly quotes newlines in email headers, allowing header injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6923 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-08-01 14:15 修改: 2025-01-11 15:15
libpython3.8-minimal	CVE-2024-8088	中危	3.8.10-0ubuntu1~20.04.8	3.8.10-0ubuntu1~20.04.12	python: cpython: Iterating over a malicious ZIP file may lead to Denial of Service 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-8088 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-08-22 19:15 修改: 2024-09-04 23:15
libpython3.8-minimal	CVE-2024-9287	中危	3.8.10-0ubuntu1~20.04.8	3.8.10-0ubuntu1~20.04.13	python: Virtual environment (venv) activation scripts don't quote paths 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9287 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-10-22 17:15 修改: 2024-11-04 18:15
libpython3.8-stdlib	CVE-2023-27043	中危	3.8.10-0ubuntu1~20.04.8	3.8.10-0ubuntu1~20.04.12	python: Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-27043 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-04-19 00:15 修改: 2024-02-26 16:27
libpython3.8-stdlib	CVE-2023-40217	中危	3.8.10-0ubuntu1~20.04.8	3.8.10-0ubuntu1~20.04.9	python: TLS handshake bypass 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-40217 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-08-25 01:15 修改: 2023-11-07 04:20
libpython3.8-stdlib	CVE-2023-6597	中危	3.8.10-0ubuntu1~20.04.8	3.8.10-0ubuntu1~20.04.10	python: Path traversal on tempfile.TemporaryDirectory 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6597 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-03-19 16:15 修改: 2024-06-10 18:15
libpython3.8-stdlib	CVE-2024-0397	中危	3.8.10-0ubuntu1~20.04.8	3.8.10-0ubuntu1~20.04.11	cpython: python: Memory race condition in ssl.SSLContext certificate store methods 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0397 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-06-17 16:15 修改: 2024-07-03 01:44
libpython3.8-stdlib	CVE-2024-0450	中危	3.8.10-0ubuntu1~20.04.8	3.8.10-0ubuntu1~20.04.10	python: The zipfile module is vulnerable to zip-bombs leading to denial of service 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0450 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-03-19 16:15 修改: 2024-06-10 18:15
libpython3.8-stdlib	CVE-2024-11168	中危	3.8.10-0ubuntu1~20.04.8		python: Improper validation of IPv6 and IPvFuture addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-11168 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-11-12 22:15 修改: 2025-01-06 18:15
libpython3.8-stdlib	CVE-2024-6232	中危	3.8.10-0ubuntu1~20.04.8	3.8.10-0ubuntu1~20.04.12	python: cpython: tarfile: ReDos via excessive backtracking while parsing header values 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6232 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-09-03 13:15 修改: 2024-09-04 21:15
libpython3.8-stdlib	CVE-2024-6923	中危	3.8.10-0ubuntu1~20.04.8	3.8.10-0ubuntu1~20.04.12	cpython: python: email module doesn't properly quotes newlines in email headers, allowing header injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6923 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-08-01 14:15 修改: 2025-01-11 15:15
libpython3.8-stdlib	CVE-2024-8088	中危	3.8.10-0ubuntu1~20.04.8	3.8.10-0ubuntu1~20.04.12	python: cpython: Iterating over a malicious ZIP file may lead to Denial of Service 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-8088 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-08-22 19:15 修改: 2024-09-04 23:15
libpython3.8-stdlib	CVE-2024-9287	中危	3.8.10-0ubuntu1~20.04.8	3.8.10-0ubuntu1~20.04.13	python: Virtual environment (venv) activation scripts don't quote paths 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9287 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-10-22 17:15 修改: 2024-11-04 18:15
libsmartcols1	CVE-2024-28085	中危	2.34-0.1ubuntu9.4	2.34-0.1ubuntu9.5	util-linux: CVE-2024-28085: wall: escape sequence injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28085 镜像层: sha256:ea4a8e02c19d3109db71970f3ba902ff4a4c2b1e7f6c3054947e0d6e3dca38ce 发布日期: 2024-03-27 19:15 修改: 2024-08-26 21:35
libsqlite3-0	CVE-2023-7104	中危	3.31.1-4ubuntu0.5	3.31.1-4ubuntu0.6	sqlite: heap-buffer-overflow at sessionfuzz 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-7104 镜像层: sha256:ea4a8e02c19d3109db71970f3ba902ff4a4c2b1e7f6c3054947e0d6e3dca38ce 发布日期: 2023-12-29 10:15 修改: 2024-05-17 02:34
libssh-4	CVE-2023-48795	中危	0.9.3-2ubuntu2.3	0.9.3-2ubuntu2.4	ssh: Prefix truncation attack on Binary Packet Protocol (BPP) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-48795 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-12-18 16:15 修改: 2024-12-02 14:54
libssh-4	CVE-2023-6004	中危	0.9.3-2ubuntu2.3	0.9.3-2ubuntu2.5	libssh: ProxyCommand/ProxyJump features allow injection of malicious code through hostname 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6004 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-01-03 17:15 修改: 2024-09-16 18:15
libssh-4	CVE-2023-6918	中危	0.9.3-2ubuntu2.3	0.9.3-2ubuntu2.5	libssh: Missing checks for return values for digests 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6918 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-12-19 00:15 修改: 2024-09-16 18:15
libtiff5	CVE-2022-40090	中危	4.1.0+git191117-2ubuntu0.20.04.8	4.1.0+git191117-2ubuntu0.20.04.11	libtiff: infinite loop via a crafted TIFF file 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-40090 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-08-22 19:16 修改: 2023-08-26 02:13
libtiff5	CVE-2022-48281	中危	4.1.0+git191117-2ubuntu0.20.04.8	4.1.0+git191117-2ubuntu0.20.04.9	libtiff: heap-based buffer overflow in processCropSelections() in tools/tiffcrop.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-48281 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-01-23 03:15 修改: 2023-05-30 06:16
libtiff5	CVE-2023-25433	中危	4.1.0+git191117-2ubuntu0.20.04.8	4.1.0+git191117-2ubuntu0.20.04.9	libtiff: Buffer Overflow via /libtiff/tools/tiffcrop.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-25433 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-06-29 20:15 修改: 2023-08-01 02:15
libtiff5	CVE-2023-26966	中危	4.1.0+git191117-2ubuntu0.20.04.8	4.1.0+git191117-2ubuntu0.20.04.9	libtiff: Buffer Overflow in uv_encode() 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-26966 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-06-29 20:15 修改: 2023-08-01 02:15
libtiff5	CVE-2023-2908	中危	4.1.0+git191117-2ubuntu0.20.04.8	4.1.0+git191117-2ubuntu0.20.04.9	libtiff: null pointer dereference in tif_dir.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2908 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-06-30 22:15 修改: 2023-11-07 04:13
libtiff5	CVE-2023-3618	中危	4.1.0+git191117-2ubuntu0.20.04.8	4.1.0+git191117-2ubuntu0.20.04.9	libtiff: segmentation fault in Fax3Encode in libtiff/tif_fax3.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3618 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-07-12 15:15 修改: 2024-03-23 11:15
libtiff5	CVE-2023-52356	中危	4.1.0+git191117-2ubuntu0.20.04.8	4.1.0+git191117-2ubuntu0.20.04.12	libtiff: Segment fault in libtiff in TIFFReadRGBATileExt() leading to denial of service 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-52356 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-01-25 20:15 修改: 2024-09-16 20:15
libtiff5	CVE-2024-7006	中危	4.1.0+git191117-2ubuntu0.20.04.8	4.1.0+git191117-2ubuntu0.20.04.14	libtiff: NULL pointer dereference in tif_dirinfo.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7006 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-08-12 13:38 修改: 2024-11-06 10:15
libuuid1	CVE-2024-28085	中危	2.34-0.1ubuntu9.4	2.34-0.1ubuntu9.5	util-linux: CVE-2024-28085: wall: escape sequence injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28085 镜像层: sha256:ea4a8e02c19d3109db71970f3ba902ff4a4c2b1e7f6c3054947e0d6e3dca38ce 发布日期: 2024-03-27 19:15 修改: 2024-08-26 21:35
libwebp6	CVE-2023-4863	中危	0.6.1-2ubuntu0.20.04.2	0.6.1-2ubuntu0.20.04.3	libwebp: Heap buffer overflow in WebP Codec 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4863 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-09-12 15:15 修改: 2024-12-20 19:00
libwebpmux3	CVE-2023-4863	中危	0.6.1-2ubuntu0.20.04.2	0.6.1-2ubuntu0.20.04.3	libwebp: Heap buffer overflow in WebP Codec 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4863 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-09-12 15:15 修改: 2024-12-20 19:00
libx11-6	CVE-2023-43785	中危	2:1.6.9-2ubuntu1.5	2:1.6.9-2ubuntu1.6	libX11: out-of-bounds memory access in _XkbReadKeySyms() 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-43785 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-10-10 13:15 修改: 2024-09-16 15:15
libx11-6	CVE-2023-43786	中危	2:1.6.9-2ubuntu1.5	2:1.6.9-2ubuntu1.6	libX11: stack exhaustion from infinite recursion in PutSubImage() 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-43786 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-10-10 13:15 修改: 2024-09-16 15:15
libx11-6	CVE-2023-43787	中危	2:1.6.9-2ubuntu1.5	2:1.6.9-2ubuntu1.6	libX11: integer overflow in XCreateImage() leading to a heap overflow 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-43787 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-10-10 13:15 修改: 2024-09-16 15:15
libx11-data	CVE-2023-43785	中危	2:1.6.9-2ubuntu1.5	2:1.6.9-2ubuntu1.6	libX11: out-of-bounds memory access in _XkbReadKeySyms() 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-43785 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-10-10 13:15 修改: 2024-09-16 15:15
libx11-data	CVE-2023-43786	中危	2:1.6.9-2ubuntu1.5	2:1.6.9-2ubuntu1.6	libX11: stack exhaustion from infinite recursion in PutSubImage() 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-43786 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-10-10 13:15 修改: 2024-09-16 15:15
libx11-data	CVE-2023-43787	中危	2:1.6.9-2ubuntu1.5	2:1.6.9-2ubuntu1.6	libX11: integer overflow in XCreateImage() leading to a heap overflow 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-43787 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-10-10 13:15 修改: 2024-09-16 15:15
libxml2	CVE-2024-25062	中危	2.9.10+dfsg-5ubuntu0.20.04.6	2.9.10+dfsg-5ubuntu0.20.04.7	libxml2: use-after-free in XMLReader 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-25062 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-02-04 16:15 修改: 2024-02-13 00:40
libxpm4	CVE-2023-43786	中危	1:3.5.12-1ubuntu0.20.04.1	1:3.5.12-1ubuntu0.20.04.2	libX11: stack exhaustion from infinite recursion in PutSubImage() 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-43786 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-10-10 13:15 修改: 2024-09-16 15:15
libxpm4	CVE-2023-43787	中危	1:3.5.12-1ubuntu0.20.04.1	1:3.5.12-1ubuntu0.20.04.2	libX11: integer overflow in XCreateImage() leading to a heap overflow 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-43787 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-10-10 13:15 修改: 2024-09-16 15:15
libxpm4	CVE-2023-43788	中危	1:3.5.12-1ubuntu0.20.04.1	1:3.5.12-1ubuntu0.20.04.2	libXpm: out of bounds read in XpmCreateXpmImageFromBuffer() 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-43788 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-10-10 13:15 修改: 2024-09-16 15:15
libxpm4	CVE-2023-43789	中危	1:3.5.12-1ubuntu0.20.04.1	1:3.5.12-1ubuntu0.20.04.2	libXpm: out of bounds read on XPM with corrupted colormap 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-43789 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-10-12 12:15 修改: 2024-09-16 15:15
locales	CVE-2024-2961	中危	2.31-0ubuntu9.9	2.31-0ubuntu9.15	glibc: Out of bounds write in iconv may lead to remote code execution 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2961 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-04-17 18:15 修改: 2024-07-22 18:15
locales	CVE-2024-33599	中危	2.31-0ubuntu9.9	2.31-0ubuntu9.16	glibc: stack-based buffer overflow in netgroup cache 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33599 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-05-06 20:15 修改: 2024-07-22 18:15
locales	CVE-2024-33600	中危	2.31-0ubuntu9.9	2.31-0ubuntu9.16	glibc: null pointer dereferences after failed netgroup cache insertion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33600 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-05-06 20:15 修改: 2024-07-22 18:15
locales	CVE-2024-33601	中危	2.31-0ubuntu9.9	2.31-0ubuntu9.16	glibc: netgroup cache may terminate daemon on memory allocation failure 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33601 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-05-06 20:15 修改: 2024-07-22 18:15
locales	CVE-2024-33602	中危	2.31-0ubuntu9.9	2.31-0ubuntu9.16	glibc: netgroup cache assumes NSS callback uses in-buffer strings 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33602 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-05-06 20:15 修改: 2024-07-22 18:15
login	CVE-2024-56433	中危	1:4.8.1-1ubuntu5.20.04.4		shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-56433 镜像层: sha256:ec66d8cea54a2f4dfbbd8342ce082503bf8541e996a800c0d724b8dd2fea7f6a 发布日期: 2024-12-26 09:15 修改: 2024-12-26 09:15
mount	CVE-2024-28085	中危	2.34-0.1ubuntu9.4	2.34-0.1ubuntu9.5	util-linux: CVE-2024-28085: wall: escape sequence injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28085 镜像层: sha256:ea4a8e02c19d3109db71970f3ba902ff4a4c2b1e7f6c3054947e0d6e3dca38ce 发布日期: 2024-03-27 19:15 修改: 2024-08-26 21:35
openssh-client	CVE-2023-38408	中危	1:8.2p1-4ubuntu0.7	1:8.2p1-4ubuntu0.8	openssh: Remote code execution in ssh-agent PKCS#11 support 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-38408 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-07-20 03:15 修改: 2024-10-15 19:35
openssh-client	CVE-2023-48795	中危	1:8.2p1-4ubuntu0.7	1:8.2p1-4ubuntu0.10	ssh: Prefix truncation attack on Binary Packet Protocol (BPP) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-48795 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-12-18 16:15 修改: 2024-12-02 14:54
openssh-client	CVE-2023-51385	中危	1:8.2p1-4ubuntu0.7	1:8.2p1-4ubuntu0.11	openssh: potential command injection via shell metacharacters 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-51385 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-12-18 19:15 修改: 2024-03-13 21:15
openssh-server	CVE-2023-38408	中危	1:8.2p1-4ubuntu0.7	1:8.2p1-4ubuntu0.8	openssh: Remote code execution in ssh-agent PKCS#11 support 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-38408 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-07-20 03:15 修改: 2024-10-15 19:35
openssh-server	CVE-2023-48795	中危	1:8.2p1-4ubuntu0.7	1:8.2p1-4ubuntu0.10	ssh: Prefix truncation attack on Binary Packet Protocol (BPP) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-48795 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-12-18 16:15 修改: 2024-12-02 14:54
openssh-server	CVE-2023-51385	中危	1:8.2p1-4ubuntu0.7	1:8.2p1-4ubuntu0.11	openssh: potential command injection via shell metacharacters 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-51385 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-12-18 19:15 修改: 2024-03-13 21:15
openssh-sftp-server	CVE-2023-38408	中危	1:8.2p1-4ubuntu0.7	1:8.2p1-4ubuntu0.8	openssh: Remote code execution in ssh-agent PKCS#11 support 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-38408 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-07-20 03:15 修改: 2024-10-15 19:35
openssh-sftp-server	CVE-2023-48795	中危	1:8.2p1-4ubuntu0.7	1:8.2p1-4ubuntu0.10	ssh: Prefix truncation attack on Binary Packet Protocol (BPP) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-48795 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-12-18 16:15 修改: 2024-12-02 14:54
openssh-sftp-server	CVE-2023-51385	中危	1:8.2p1-4ubuntu0.7	1:8.2p1-4ubuntu0.11	openssh: potential command injection via shell metacharacters 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-51385 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-12-18 19:15 修改: 2024-03-13 21:15
passwd	CVE-2024-56433	中危	1:4.8.1-1ubuntu5.20.04.4		shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-56433 镜像层: sha256:ec66d8cea54a2f4dfbbd8342ce082503bf8541e996a800c0d724b8dd2fea7f6a 发布日期: 2024-12-26 09:15 修改: 2024-12-26 09:15
perl	CVE-2023-47038	中危	5.30.0-9ubuntu0.4	5.30.0-9ubuntu0.5	perl: Write past buffer end via illegal user-defined Unicode property 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-47038 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-12-18 14:15 修改: 2024-09-16 16:15
perl-base	CVE-2023-47038	中危	5.30.0-9ubuntu0.4	5.30.0-9ubuntu0.5	perl: Write past buffer end via illegal user-defined Unicode property 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-47038 镜像层: sha256:ec66d8cea54a2f4dfbbd8342ce082503bf8541e996a800c0d724b8dd2fea7f6a 发布日期: 2023-12-18 14:15 修改: 2024-09-16 16:15
perl-modules-5.30	CVE-2023-47038	中危	5.30.0-9ubuntu0.4	5.30.0-9ubuntu0.5	perl: Write past buffer end via illegal user-defined Unicode property 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-47038 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-12-18 14:15 修改: 2024-09-16 16:15
postgresql-client-12	CVE-2023-39417	中危	12.15-1.pgdg20.04+1	12.16-0ubuntu0.20.04.1	postgresql: extension script @substitutions@ within quoting allow SQL injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39417 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-08-11 13:15 修改: 2024-09-09 08:15
postgresql-client-12	CVE-2023-5868	中危	12.15-1.pgdg20.04+1	12.17-0ubuntu0.20.04.1	postgresql: Memory disclosure in aggregate function calls 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-5868 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-12-10 18:15 修改: 2024-09-14 00:15
postgresql-client-12	CVE-2023-5869	中危	12.15-1.pgdg20.04+1	12.17-0ubuntu0.20.04.1	postgresql: Buffer overrun from integer overflow in array modification 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-5869 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-12-10 18:15 修改: 2024-09-14 00:15
postgresql-client-12	CVE-2023-5870	中危	12.15-1.pgdg20.04+1	12.17-0ubuntu0.20.04.1	postgresql: Role pg_signal_backend can signal certain superuser processes. 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-5870 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-12-10 18:15 修改: 2024-09-14 00:15
postgresql-client-12	CVE-2024-0985	中危	12.15-1.pgdg20.04+1	12.18-0ubuntu0.20.04.1	postgresql: non-owner 'REFRESH MATERIALIZED VIEW CONCURRENTLY' executes arbitrary SQL 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0985 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-02-08 13:15 修改: 2024-12-20 13:15
postgresql-client-12	CVE-2024-10976	中危	12.15-1.pgdg20.04+1	12.22-0ubuntu0.20.04.1	postgresql: PostgreSQL row security below e.g. subqueries disregards user ID changes 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-10976 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-11-14 13:15 修改: 2024-11-15 13:58
postgresql-client-12	CVE-2024-10977	中危	12.15-1.pgdg20.04+1	12.22-0ubuntu0.20.04.1	postgresql: PostgreSQL libpq retains an error message from man-in-the-middle 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-10977 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-11-14 13:15 修改: 2024-11-15 13:58
postgresql-client-12	CVE-2024-10978	中危	12.15-1.pgdg20.04+1	12.22-0ubuntu0.20.04.1	postgresql: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-10978 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-11-14 13:15 修改: 2024-11-21 22:15
postgresql-client-12	CVE-2024-10979	中危	12.15-1.pgdg20.04+1	12.22-0ubuntu0.20.04.1	postgresql: PostgreSQL PL/Perl environment variable changes execute arbitrary code 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-10979 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-11-14 13:15 修改: 2025-01-10 13:15
postgresql-client-12	CVE-2024-7348	中危	12.15-1.pgdg20.04+1	12.20-0ubuntu0.20.04.1	postgresql: PostgreSQL relation replacement during pg_dump executes arbitrary SQL 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7348 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-08-08 13:15 修改: 2024-08-12 15:54
python3-pkg-resources	CVE-2024-6345	中危	45.2.0-1ubuntu0.1	45.2.0-1ubuntu0.2	pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6345 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-07-15 01:15 修改: 2024-07-15 13:00
python3.8	CVE-2023-27043	中危	3.8.10-0ubuntu1~20.04.8	3.8.10-0ubuntu1~20.04.12	python: Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-27043 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-04-19 00:15 修改: 2024-02-26 16:27
python3.8	CVE-2023-40217	中危	3.8.10-0ubuntu1~20.04.8	3.8.10-0ubuntu1~20.04.9	python: TLS handshake bypass 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-40217 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-08-25 01:15 修改: 2023-11-07 04:20
python3.8	CVE-2023-6597	中危	3.8.10-0ubuntu1~20.04.8	3.8.10-0ubuntu1~20.04.10	python: Path traversal on tempfile.TemporaryDirectory 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6597 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-03-19 16:15 修改: 2024-06-10 18:15
python3.8	CVE-2024-0397	中危	3.8.10-0ubuntu1~20.04.8	3.8.10-0ubuntu1~20.04.11	cpython: python: Memory race condition in ssl.SSLContext certificate store methods 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0397 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-06-17 16:15 修改: 2024-07-03 01:44
python3.8	CVE-2024-0450	中危	3.8.10-0ubuntu1~20.04.8	3.8.10-0ubuntu1~20.04.10	python: The zipfile module is vulnerable to zip-bombs leading to denial of service 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0450 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-03-19 16:15 修改: 2024-06-10 18:15
python3.8	CVE-2024-11168	中危	3.8.10-0ubuntu1~20.04.8		python: Improper validation of IPv6 and IPvFuture addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-11168 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-11-12 22:15 修改: 2025-01-06 18:15
python3.8	CVE-2024-6232	中危	3.8.10-0ubuntu1~20.04.8	3.8.10-0ubuntu1~20.04.12	python: cpython: tarfile: ReDos via excessive backtracking while parsing header values 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6232 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-09-03 13:15 修改: 2024-09-04 21:15
python3.8	CVE-2024-6923	中危	3.8.10-0ubuntu1~20.04.8	3.8.10-0ubuntu1~20.04.12	cpython: python: email module doesn't properly quotes newlines in email headers, allowing header injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6923 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-08-01 14:15 修改: 2025-01-11 15:15
python3.8	CVE-2024-8088	中危	3.8.10-0ubuntu1~20.04.8	3.8.10-0ubuntu1~20.04.12	python: cpython: Iterating over a malicious ZIP file may lead to Denial of Service 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-8088 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-08-22 19:15 修改: 2024-09-04 23:15
python3.8	CVE-2024-9287	中危	3.8.10-0ubuntu1~20.04.8	3.8.10-0ubuntu1~20.04.13	python: Virtual environment (venv) activation scripts don't quote paths 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9287 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-10-22 17:15 修改: 2024-11-04 18:15
python3.8-minimal	CVE-2023-27043	中危	3.8.10-0ubuntu1~20.04.8	3.8.10-0ubuntu1~20.04.12	python: Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-27043 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-04-19 00:15 修改: 2024-02-26 16:27
python3.8-minimal	CVE-2023-40217	中危	3.8.10-0ubuntu1~20.04.8	3.8.10-0ubuntu1~20.04.9	python: TLS handshake bypass 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-40217 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-08-25 01:15 修改: 2023-11-07 04:20
python3.8-minimal	CVE-2023-6597	中危	3.8.10-0ubuntu1~20.04.8	3.8.10-0ubuntu1~20.04.10	python: Path traversal on tempfile.TemporaryDirectory 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6597 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-03-19 16:15 修改: 2024-06-10 18:15
python3.8-minimal	CVE-2024-0397	中危	3.8.10-0ubuntu1~20.04.8	3.8.10-0ubuntu1~20.04.11	cpython: python: Memory race condition in ssl.SSLContext certificate store methods 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0397 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-06-17 16:15 修改: 2024-07-03 01:44
python3.8-minimal	CVE-2024-0450	中危	3.8.10-0ubuntu1~20.04.8	3.8.10-0ubuntu1~20.04.10	python: The zipfile module is vulnerable to zip-bombs leading to denial of service 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0450 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-03-19 16:15 修改: 2024-06-10 18:15
python3.8-minimal	CVE-2024-11168	中危	3.8.10-0ubuntu1~20.04.8		python: Improper validation of IPv6 and IPvFuture addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-11168 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-11-12 22:15 修改: 2025-01-06 18:15
python3.8-minimal	CVE-2024-6232	中危	3.8.10-0ubuntu1~20.04.8	3.8.10-0ubuntu1~20.04.12	python: cpython: tarfile: ReDos via excessive backtracking while parsing header values 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6232 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-09-03 13:15 修改: 2024-09-04 21:15
python3.8-minimal	CVE-2024-6923	中危	3.8.10-0ubuntu1~20.04.8	3.8.10-0ubuntu1~20.04.12	cpython: python: email module doesn't properly quotes newlines in email headers, allowing header injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6923 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-08-01 14:15 修改: 2025-01-11 15:15
python3.8-minimal	CVE-2024-8088	中危	3.8.10-0ubuntu1~20.04.8	3.8.10-0ubuntu1~20.04.12	python: cpython: Iterating over a malicious ZIP file may lead to Denial of Service 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-8088 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-08-22 19:15 修改: 2024-09-04 23:15
python3.8-minimal	CVE-2024-9287	中危	3.8.10-0ubuntu1~20.04.8	3.8.10-0ubuntu1~20.04.13	python: Virtual environment (venv) activation scripts don't quote paths 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9287 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-10-22 17:15 修改: 2024-11-04 18:15
redis-tools	CVE-2020-14147	中危	5:5.0.7-2ubuntu0.1		redis: integer overflow in the getnum function in lua_struct.c could lead to a DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-14147 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2020-06-15 18:15 修改: 2021-07-30 13:59
redis-tools	CVE-2021-32626	中危	5:5.0.7-2ubuntu0.1		redis: Lua scripts can overflow the heap-based Lua stack 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-32626 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2021-10-04 18:15 修改: 2023-11-07 03:35
redis-tools	CVE-2021-32627	中危	5:5.0.7-2ubuntu0.1		redis: Integer overflow issue with Streams 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-32627 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2021-10-04 18:15 修改: 2023-11-07 03:35
redis-tools	CVE-2021-32628	中危	5:5.0.7-2ubuntu0.1		redis: Integer overflow bug in the ziplist data structure 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-32628 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2021-10-04 18:15 修改: 2023-11-07 03:35
redis-tools	CVE-2021-32672	中危	5:5.0.7-2ubuntu0.1		redis: Out of bounds read in lua debugger protocol parser 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-32672 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2021-10-04 18:15 修改: 2023-11-07 03:35
redis-tools	CVE-2021-32675	中危	5:5.0.7-2ubuntu0.1		redis: Denial of service via Redis Standard Protocol (RESP) request 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-32675 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2021-10-04 18:15 修改: 2023-11-07 03:35
redis-tools	CVE-2021-32687	中危	5:5.0.7-2ubuntu0.1		redis: Integer overflow issue with intsets 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-32687 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2021-10-04 18:15 修改: 2023-11-07 03:35
redis-tools	CVE-2021-41099	中危	5:5.0.7-2ubuntu0.1		redis: Integer overflow issue with strings 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-41099 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2021-10-04 18:15 修改: 2023-11-07 03:38
redis-tools	CVE-2022-24736	中危	5:5.0.7-2ubuntu0.1		redis: Malformed Lua script can crash Redis 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-24736 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2022-04-27 20:15 修改: 2023-11-07 03:44
redis-tools	CVE-2022-24834	中危	5:5.0.7-2ubuntu0.1		redis: heap overflow in the lua cjson and cmsgpack libraries 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-24834 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-07-13 15:15 修改: 2023-08-14 19:15
redis-tools	CVE-2022-35977	中危	5:5.0.7-2ubuntu0.1		redis: Integer overflow in the Redis SETRANGE and SORT/SORT_RO commands may result with false OOM panic 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-35977 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-01-20 19:15 修改: 2023-02-02 14:28
redis-tools	CVE-2022-36021	中危	5:5.0.7-2ubuntu0.1		redis: Specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands can trigger an integer overflow 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-36021 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-03-01 16:15 修改: 2023-11-07 03:49
redis-tools	CVE-2023-25155	中危	5:5.0.7-2ubuntu0.1		redis: String matching commands (like SCAN or KEYS) with a specially crafted pattern to trigger a denial-of-service attack 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-25155 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-03-02 04:15 修改: 2023-03-10 05:02
redis-tools	CVE-2023-28856	中危	5:5.0.7-2ubuntu0.1		redis: Insufficient validation of HINCRBYFLOAT command 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-28856 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-04-18 21:15 修改: 2023-06-01 14:15
redis-tools	CVE-2023-45145	中危	5:5.0.7-2ubuntu0.1		redis: possible bypass of Unix socket permissions on startup 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45145 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-10-18 21:15 修改: 2024-01-21 02:30
tar	CVE-2023-39804	中危	1.30+dfsg-7ubuntu0.20.04.3	1.30+dfsg-7ubuntu0.20.04.4	tar: Incorrectly handled extension attributes in PAX archives can lead to a crash 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39804 镜像层: sha256:ec66d8cea54a2f4dfbbd8342ce082503bf8541e996a800c0d724b8dd2fea7f6a 发布日期: 2024-03-27 04:15 修改: 2024-11-12 19:35
util-linux	CVE-2024-28085	中危	2.34-0.1ubuntu9.4	2.34-0.1ubuntu9.5	util-linux: CVE-2024-28085: wall: escape sequence injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28085 镜像层: sha256:ea4a8e02c19d3109db71970f3ba902ff4a4c2b1e7f6c3054947e0d6e3dca38ce 发布日期: 2024-03-27 19:15 修改: 2024-08-26 21:35
wget	CVE-2021-31879	中危	1.20.3-1ubuntu2		wget: authorization header disclosure on redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-31879 镜像层: sha256:ea4a8e02c19d3109db71970f3ba902ff4a4c2b1e7f6c3054947e0d6e3dca38ce 发布日期: 2021-04-29 05:15 修改: 2022-05-13 20:52
wget	CVE-2024-38428	中危	1.20.3-1ubuntu2	1.20.3-1ubuntu2.1	wget: Misinterpretation of input may lead to improper behavior 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38428 镜像层: sha256:ea4a8e02c19d3109db71970f3ba902ff4a4c2b1e7f6c3054947e0d6e3dca38ce 发布日期: 2024-06-16 03:15 修改: 2024-10-28 21:35
gpgv	CVE-2022-3219	低危	2.2.19-3ubuntu2.2		gnupg: denial of service issue (resource consumption) using compressed packets 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3219 镜像层: sha256:ec66d8cea54a2f4dfbbd8342ce082503bf8541e996a800c0d724b8dd2fea7f6a 发布日期: 2023-02-23 20:15 修改: 2023-05-26 16:31
graphicsmagick	CVE-2017-13736	低危	1.4+really1.3.35-1ubuntu0.1		There are lots of memory leaks in the GMCommand function in magick/com ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2017-13736 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2017-08-29 06:29 修改: 2023-11-07 02:38
curl	CVE-2023-28321	低危	7.68.0-1ubuntu2.18	7.68.0-1ubuntu2.19	curl: IDN wildcard match may lead to Improper Cerificate Validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-28321 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-05-26 21:15 修改: 2025-01-15 16:15
curl	CVE-2023-28322	低危	7.68.0-1ubuntu2.18	7.68.0-1ubuntu2.19	curl: more POST-after-PUT confusion 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-28322 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-05-26 21:15 修改: 2023-12-22 16:15
curl	CVE-2023-38546	低危	7.68.0-1ubuntu2.18	7.68.0-1ubuntu2.20	curl: cookie injection with none file 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-38546 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-10-18 04:15 修改: 2024-07-09 14:15
curl	CVE-2024-11053	低危	7.68.0-1ubuntu2.18	7.68.0-1ubuntu2.25	curl: curl netrc password leak 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-11053 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-12-11 08:15 修改: 2024-12-15 17:15
libgcrypt20	CVE-2024-2236	低危	1.8.5-5ubuntu1.1		libgcrypt: vulnerable to Marvin Attack 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2236 镜像层: sha256:ec66d8cea54a2f4dfbbd8342ce082503bf8541e996a800c0d724b8dd2fea7f6a 发布日期: 2024-03-06 22:15 修改: 2024-11-12 18:15
libgd3	CVE-2021-40812	低危	2.2.5-5.2ubuntu2.1	2.2.5-5.2ubuntu2.4	The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-40812 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2021-09-08 21:15 修改: 2024-10-29 14:35
libpcre2-8-0	CVE-2022-41409	低危	10.34-7ubuntu0.1		pcre2: negative repeat value in a pcre2test subject line leads to inifinite loop 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41409 镜像层: sha256:ec66d8cea54a2f4dfbbd8342ce082503bf8541e996a800c0d724b8dd2fea7f6a 发布日期: 2023-07-18 14:15 修改: 2023-07-27 03:46
libpcre3	CVE-2017-11164	低危	2:8.39-12ubuntu0.1		pcre: OP_KETRMAX feature in the match function in pcre_exec.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2017-11164 镜像层: sha256:ec66d8cea54a2f4dfbbd8342ce082503bf8541e996a800c0d724b8dd2fea7f6a 发布日期: 2017-07-11 03:29 修改: 2023-11-07 02:38
dirmngr	CVE-2022-3219	低危	2.2.19-3ubuntu2.2		gnupg: denial of service issue (resource consumption) using compressed packets 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3219 镜像层: sha256:ea4a8e02c19d3109db71970f3ba902ff4a4c2b1e7f6c3054947e0d6e3dca38ce 发布日期: 2023-02-23 20:15 修改: 2023-05-26 16:31
libprocps8	CVE-2023-4016	低危	2:3.3.16-1ubuntu2.3	2:3.3.16-1ubuntu2.4	procps: ps buffer overflow 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4016 镜像层: sha256:ec66d8cea54a2f4dfbbd8342ce082503bf8541e996a800c0d724b8dd2fea7f6a 发布日期: 2023-08-02 05:15 修改: 2023-12-15 18:19
coreutils	CVE-2016-2781	低危	8.30-3ubuntu2		coreutils: Non-privileged session can escape to the parent session in chroot 漏洞详情: https://avd.aquasec.com/nvd/cve-2016-2781 镜像层: sha256:ec66d8cea54a2f4dfbbd8342ce082503bf8541e996a800c0d724b8dd2fea7f6a 发布日期: 2017-02-07 15:59 修改: 2023-11-07 02:32
locales	CVE-2016-20013	低危	2.31-0ubuntu9.9		漏洞详情: https://avd.aquasec.com/nvd/cve-2016-20013 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2022-02-19 05:15 修改: 2022-03-03 16:43
locales	CVE-2023-4806	低危	2.31-0ubuntu9.9	2.31-0ubuntu9.14	glibc: potential use-after-free in getaddrinfo() 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4806 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-09-18 17:15 修改: 2024-09-16 14:15
locales	CVE-2023-4813	低危	2.31-0ubuntu9.9	2.31-0ubuntu9.14	glibc: potential use-after-free in gaih_inet() 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4813 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-09-12 22:15 修改: 2024-09-16 14:15
libc-bin	CVE-2016-20013	低危	2.31-0ubuntu9.9		漏洞详情: https://avd.aquasec.com/nvd/cve-2016-20013 镜像层: sha256:ec66d8cea54a2f4dfbbd8342ce082503bf8541e996a800c0d724b8dd2fea7f6a 发布日期: 2022-02-19 05:15 修改: 2022-03-03 16:43
login	CVE-2013-4235	低危	1:4.8.1-1ubuntu5.20.04.4		shadow-utils: TOCTOU race conditions by copying and removing directory trees 漏洞详情: https://avd.aquasec.com/nvd/cve-2013-4235 镜像层: sha256:ec66d8cea54a2f4dfbbd8342ce082503bf8541e996a800c0d724b8dd2fea7f6a 发布日期: 2019-12-03 15:15 修改: 2023-02-13 00:28
login	CVE-2023-29383	低危	1:4.8.1-1ubuntu5.20.04.4		shadow: Improper input validation in shadow-utils package utility chfn 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29383 镜像层: sha256:ec66d8cea54a2f4dfbbd8342ce082503bf8541e996a800c0d724b8dd2fea7f6a 发布日期: 2023-04-14 22:15 修改: 2023-04-24 18:05
login	CVE-2023-4641	低危	1:4.8.1-1ubuntu5.20.04.4	1:4.8.1-1ubuntu5.20.04.5	shadow-utils: possible password leak during passwd(1) change 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4641 镜像层: sha256:ec66d8cea54a2f4dfbbd8342ce082503bf8541e996a800c0d724b8dd2fea7f6a 发布日期: 2023-12-27 16:15 修改: 2024-05-03 16:15
libgraphicsmagick-q16-3	CVE-2017-13736	低危	1.4+really1.3.35-1ubuntu0.1		There are lots of memory leaks in the GMCommand function in magick/com ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2017-13736 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2017-08-29 06:29 修改: 2023-11-07 02:38
ncurses-base	CVE-2023-45918	低危	6.2-0ubuntu2.1		ncurses: NULL pointer dereference in tgetstr in tinfo/lib_termcap.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45918 镜像层: sha256:ec66d8cea54a2f4dfbbd8342ce082503bf8541e996a800c0d724b8dd2fea7f6a 发布日期: 2024-02-16 22:15 修改: 2024-11-21 21:15
ncurses-base	CVE-2023-50495	低危	6.2-0ubuntu2.1		ncurses: segmentation fault via _nc_wrap_entry() 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-50495 镜像层: sha256:ec66d8cea54a2f4dfbbd8342ce082503bf8541e996a800c0d724b8dd2fea7f6a 发布日期: 2023-12-12 15:15 修改: 2024-01-31 03:15
ncurses-bin	CVE-2023-45918	低危	6.2-0ubuntu2.1		ncurses: NULL pointer dereference in tgetstr in tinfo/lib_termcap.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45918 镜像层: sha256:ec66d8cea54a2f4dfbbd8342ce082503bf8541e996a800c0d724b8dd2fea7f6a 发布日期: 2024-02-16 22:15 修改: 2024-11-21 21:15
ncurses-bin	CVE-2023-50495	低危	6.2-0ubuntu2.1		ncurses: segmentation fault via _nc_wrap_entry() 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-50495 镜像层: sha256:ec66d8cea54a2f4dfbbd8342ce082503bf8541e996a800c0d724b8dd2fea7f6a 发布日期: 2023-12-12 15:15 修改: 2024-01-31 03:15
libc-bin	CVE-2023-4806	低危	2.31-0ubuntu9.9	2.31-0ubuntu9.14	glibc: potential use-after-free in getaddrinfo() 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4806 镜像层: sha256:ec66d8cea54a2f4dfbbd8342ce082503bf8541e996a800c0d724b8dd2fea7f6a 发布日期: 2023-09-18 17:15 修改: 2024-09-16 14:15
libc-bin	CVE-2023-4813	低危	2.31-0ubuntu9.9	2.31-0ubuntu9.14	glibc: potential use-after-free in gaih_inet() 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4813 镜像层: sha256:ec66d8cea54a2f4dfbbd8342ce082503bf8541e996a800c0d724b8dd2fea7f6a 发布日期: 2023-09-12 22:15 修改: 2024-09-16 14:15
gnupg	CVE-2022-3219	低危	2.2.19-3ubuntu2.2		gnupg: denial of service issue (resource consumption) using compressed packets 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3219 镜像层: sha256:ea4a8e02c19d3109db71970f3ba902ff4a4c2b1e7f6c3054947e0d6e3dca38ce 发布日期: 2023-02-23 20:15 修改: 2023-05-26 16:31
openssh-client	CVE-2021-41617	低危	1:8.2p1-4ubuntu0.7	1:8.2p1-4ubuntu0.11	openssh: privilege escalation when AuthorizedKeysCommand or AuthorizedPrincipalsCommand are configured 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-41617 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2021-09-26 19:15 修改: 2023-12-26 04:15
gnupg-l10n	CVE-2022-3219	低危	2.2.19-3ubuntu2.2		gnupg: denial of service issue (resource consumption) using compressed packets 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3219 镜像层: sha256:ea4a8e02c19d3109db71970f3ba902ff4a4c2b1e7f6c3054947e0d6e3dca38ce 发布日期: 2023-02-23 20:15 修改: 2023-05-26 16:31
libgssapi-krb5-2	CVE-2024-26458	低危	1.17-6ubuntu4.3		krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26458 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-02-29 01:44 修改: 2024-12-06 21:15
libgssapi-krb5-2	CVE-2024-26461	低危	1.17-6ubuntu4.3		krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26461 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-02-29 01:44 修改: 2024-08-14 16:35
openssh-server	CVE-2021-41617	低危	1:8.2p1-4ubuntu0.7	1:8.2p1-4ubuntu0.11	openssh: privilege escalation when AuthorizedKeysCommand or AuthorizedPrincipalsCommand are configured 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-41617 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2021-09-26 19:15 修改: 2023-12-26 04:15
gnupg-utils	CVE-2022-3219	低危	2.2.19-3ubuntu2.2		gnupg: denial of service issue (resource consumption) using compressed packets 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3219 镜像层: sha256:ea4a8e02c19d3109db71970f3ba902ff4a4c2b1e7f6c3054947e0d6e3dca38ce 发布日期: 2023-02-23 20:15 修改: 2023-05-26 16:31
libpython3.8-minimal	CVE-2024-4032	低危	3.8.10-0ubuntu1~20.04.8	3.8.10-0ubuntu1~20.04.11	python: incorrect IPv4 and IPv6 private ranges 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4032 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-06-17 15:15 修改: 2024-08-29 21:35
libpython3.8-minimal	CVE-2024-7592	低危	3.8.10-0ubuntu1~20.04.8	3.8.10-0ubuntu1~20.04.12	cpython: python: Uncontrolled CPU resource consumption when in http.cookies module 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7592 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-08-19 19:15 修改: 2024-09-04 21:15
openssh-sftp-server	CVE-2021-41617	低危	1:8.2p1-4ubuntu0.7	1:8.2p1-4ubuntu0.11	openssh: privilege escalation when AuthorizedKeysCommand or AuthorizedPrincipalsCommand are configured 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-41617 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2021-09-26 19:15 修改: 2023-12-26 04:15
openssl	CVE-2023-3446	低危	1.1.1f-1ubuntu2.19	1.1.1f-1ubuntu2.20	openssl: Excessive time spent checking DH keys and parameters 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3446 镜像层: sha256:ea4a8e02c19d3109db71970f3ba902ff4a4c2b1e7f6c3054947e0d6e3dca38ce 发布日期: 2023-07-19 12:15 修改: 2024-10-14 15:15
openssl	CVE-2023-3817	低危	1.1.1f-1ubuntu2.19	1.1.1f-1ubuntu2.20	OpenSSL: Excessive time spent checking DH q parameter value 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3817 镜像层: sha256:ea4a8e02c19d3109db71970f3ba902ff4a4c2b1e7f6c3054947e0d6e3dca38ce 发布日期: 2023-07-31 16:15 修改: 2024-10-14 15:15
openssl	CVE-2023-5678	低危	1.1.1f-1ubuntu2.19	1.1.1f-1ubuntu2.21	openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-5678 镜像层: sha256:ea4a8e02c19d3109db71970f3ba902ff4a4c2b1e7f6c3054947e0d6e3dca38ce 发布日期: 2023-11-06 16:15 修改: 2024-10-14 15:15
openssl	CVE-2024-0727	低危	1.1.1f-1ubuntu2.19	1.1.1f-1ubuntu2.21	openssl: denial of service via null dereference 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0727 镜像层: sha256:ea4a8e02c19d3109db71970f3ba902ff4a4c2b1e7f6c3054947e0d6e3dca38ce 发布日期: 2024-01-26 09:15 修改: 2024-10-14 15:15
openssl	CVE-2024-2511	低危	1.1.1f-1ubuntu2.19	1.1.1f-1ubuntu2.23	openssl: Unbounded memory growth with session handling in TLSv1.3 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2511 镜像层: sha256:ea4a8e02c19d3109db71970f3ba902ff4a4c2b1e7f6c3054947e0d6e3dca38ce 发布日期: 2024-04-08 14:15 修改: 2024-10-14 15:15
openssl	CVE-2024-4741	低危	1.1.1f-1ubuntu2.19	1.1.1f-1ubuntu2.23	openssl: Use After Free with SSL_free_buffers 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4741 镜像层: sha256:ea4a8e02c19d3109db71970f3ba902ff4a4c2b1e7f6c3054947e0d6e3dca38ce 发布日期: 2024-11-13 11:15 修改: 2024-11-13 17:01
openssl	CVE-2024-5535	低危	1.1.1f-1ubuntu2.19	1.1.1f-1ubuntu2.23	openssl: SSL_select_next_proto buffer overread 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-5535 镜像层: sha256:ea4a8e02c19d3109db71970f3ba902ff4a4c2b1e7f6c3054947e0d6e3dca38ce 发布日期: 2024-06-27 11:15 修改: 2024-07-12 14:15
gnupg2	CVE-2022-3219	低危	2.2.19-3ubuntu2.2		gnupg: denial of service issue (resource consumption) using compressed packets 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3219 镜像层: sha256:ea4a8e02c19d3109db71970f3ba902ff4a4c2b1e7f6c3054947e0d6e3dca38ce 发布日期: 2023-02-23 20:15 修改: 2023-05-26 16:31
passwd	CVE-2013-4235	低危	1:4.8.1-1ubuntu5.20.04.4		shadow-utils: TOCTOU race conditions by copying and removing directory trees 漏洞详情: https://avd.aquasec.com/nvd/cve-2013-4235 镜像层: sha256:ec66d8cea54a2f4dfbbd8342ce082503bf8541e996a800c0d724b8dd2fea7f6a 发布日期: 2019-12-03 15:15 修改: 2023-02-13 00:28
passwd	CVE-2023-29383	低危	1:4.8.1-1ubuntu5.20.04.4		shadow: Improper input validation in shadow-utils package utility chfn 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29383 镜像层: sha256:ec66d8cea54a2f4dfbbd8342ce082503bf8541e996a800c0d724b8dd2fea7f6a 发布日期: 2023-04-14 22:15 修改: 2023-04-24 18:05
passwd	CVE-2023-4641	低危	1:4.8.1-1ubuntu5.20.04.4	1:4.8.1-1ubuntu5.20.04.5	shadow-utils: possible password leak during passwd(1) change 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4641 镜像层: sha256:ec66d8cea54a2f4dfbbd8342ce082503bf8541e996a800c0d724b8dd2fea7f6a 发布日期: 2023-12-27 16:15 修改: 2024-05-03 16:15
gpg	CVE-2022-3219	低危	2.2.19-3ubuntu2.2		gnupg: denial of service issue (resource consumption) using compressed packets 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3219 镜像层: sha256:ea4a8e02c19d3109db71970f3ba902ff4a4c2b1e7f6c3054947e0d6e3dca38ce 发布日期: 2023-02-23 20:15 修改: 2023-05-26 16:31
libc6	CVE-2016-20013	低危	2.31-0ubuntu9.9		漏洞详情: https://avd.aquasec.com/nvd/cve-2016-20013 镜像层: sha256:ec66d8cea54a2f4dfbbd8342ce082503bf8541e996a800c0d724b8dd2fea7f6a 发布日期: 2022-02-19 05:15 修改: 2022-03-03 16:43
libc6	CVE-2023-4806	低危	2.31-0ubuntu9.9	2.31-0ubuntu9.14	glibc: potential use-after-free in getaddrinfo() 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4806 镜像层: sha256:ec66d8cea54a2f4dfbbd8342ce082503bf8541e996a800c0d724b8dd2fea7f6a 发布日期: 2023-09-18 17:15 修改: 2024-09-16 14:15
libk5crypto3	CVE-2024-26458	低危	1.17-6ubuntu4.3		krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26458 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-02-29 01:44 修改: 2024-12-06 21:15
libk5crypto3	CVE-2024-26461	低危	1.17-6ubuntu4.3		krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26461 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-02-29 01:44 修改: 2024-08-14 16:35
libc6	CVE-2023-4813	低危	2.31-0ubuntu9.9	2.31-0ubuntu9.14	glibc: potential use-after-free in gaih_inet() 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4813 镜像层: sha256:ec66d8cea54a2f4dfbbd8342ce082503bf8541e996a800c0d724b8dd2fea7f6a 发布日期: 2023-09-12 22:15 修改: 2024-09-16 14:15
gpg-agent	CVE-2022-3219	低危	2.2.19-3ubuntu2.2		gnupg: denial of service issue (resource consumption) using compressed packets 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3219 镜像层: sha256:ea4a8e02c19d3109db71970f3ba902ff4a4c2b1e7f6c3054947e0d6e3dca38ce 发布日期: 2023-02-23 20:15 修改: 2023-05-26 16:31
gpg-wks-client	CVE-2022-3219	低危	2.2.19-3ubuntu2.2		gnupg: denial of service issue (resource consumption) using compressed packets 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3219 镜像层: sha256:ea4a8e02c19d3109db71970f3ba902ff4a4c2b1e7f6c3054947e0d6e3dca38ce 发布日期: 2023-02-23 20:15 修改: 2023-05-26 16:31
gpg-wks-server	CVE-2022-3219	低危	2.2.19-3ubuntu2.2		gnupg: denial of service issue (resource consumption) using compressed packets 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3219 镜像层: sha256:ea4a8e02c19d3109db71970f3ba902ff4a4c2b1e7f6c3054947e0d6e3dca38ce 发布日期: 2023-02-23 20:15 修改: 2023-05-26 16:31
libpython3.8-stdlib	CVE-2024-4032	低危	3.8.10-0ubuntu1~20.04.8	3.8.10-0ubuntu1~20.04.11	python: incorrect IPv4 and IPv6 private ranges 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4032 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-06-17 15:15 修改: 2024-08-29 21:35
libpython3.8-stdlib	CVE-2024-7592	低危	3.8.10-0ubuntu1~20.04.8	3.8.10-0ubuntu1~20.04.12	cpython: python: Uncontrolled CPU resource consumption when in http.cookies module 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7592 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-08-19 19:15 修改: 2024-09-04 21:15
libkrb5-3	CVE-2024-26458	低危	1.17-6ubuntu4.3		krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26458 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-02-29 01:44 修改: 2024-12-06 21:15
libkrb5-3	CVE-2024-26461	低危	1.17-6ubuntu4.3		krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26461 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-02-29 01:44 修改: 2024-08-14 16:35
procps	CVE-2023-4016	低危	2:3.3.16-1ubuntu2.3	2:3.3.16-1ubuntu2.4	procps: ps buffer overflow 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4016 镜像层: sha256:ec66d8cea54a2f4dfbbd8342ce082503bf8541e996a800c0d724b8dd2fea7f6a 发布日期: 2023-08-02 05:15 修改: 2023-12-15 18:19
gpgconf	CVE-2022-3219	低危	2.2.19-3ubuntu2.2		gnupg: denial of service issue (resource consumption) using compressed packets 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3219 镜像层: sha256:ea4a8e02c19d3109db71970f3ba902ff4a4c2b1e7f6c3054947e0d6e3dca38ce 发布日期: 2023-02-23 20:15 修改: 2023-05-26 16:31
libcurl4	CVE-2023-28321	低危	7.68.0-1ubuntu2.18	7.68.0-1ubuntu2.19	curl: IDN wildcard match may lead to Improper Cerificate Validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-28321 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-05-26 21:15 修改: 2025-01-15 16:15
libcurl4	CVE-2023-28322	低危	7.68.0-1ubuntu2.18	7.68.0-1ubuntu2.19	curl: more POST-after-PUT confusion 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-28322 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-05-26 21:15 修改: 2023-12-22 16:15
libssl1.1	CVE-2023-3446	低危	1.1.1f-1ubuntu2.19	1.1.1f-1ubuntu2.20	openssl: Excessive time spent checking DH keys and parameters 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3446 镜像层: sha256:ea4a8e02c19d3109db71970f3ba902ff4a4c2b1e7f6c3054947e0d6e3dca38ce 发布日期: 2023-07-19 12:15 修改: 2024-10-14 15:15
libssl1.1	CVE-2023-3817	低危	1.1.1f-1ubuntu2.19	1.1.1f-1ubuntu2.20	OpenSSL: Excessive time spent checking DH q parameter value 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3817 镜像层: sha256:ea4a8e02c19d3109db71970f3ba902ff4a4c2b1e7f6c3054947e0d6e3dca38ce 发布日期: 2023-07-31 16:15 修改: 2024-10-14 15:15
libssl1.1	CVE-2023-5678	低危	1.1.1f-1ubuntu2.19	1.1.1f-1ubuntu2.21	openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-5678 镜像层: sha256:ea4a8e02c19d3109db71970f3ba902ff4a4c2b1e7f6c3054947e0d6e3dca38ce 发布日期: 2023-11-06 16:15 修改: 2024-10-14 15:15
libssl1.1	CVE-2024-0727	低危	1.1.1f-1ubuntu2.19	1.1.1f-1ubuntu2.21	openssl: denial of service via null dereference 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0727 镜像层: sha256:ea4a8e02c19d3109db71970f3ba902ff4a4c2b1e7f6c3054947e0d6e3dca38ce 发布日期: 2024-01-26 09:15 修改: 2024-10-14 15:15
libssl1.1	CVE-2024-2511	低危	1.1.1f-1ubuntu2.19	1.1.1f-1ubuntu2.23	openssl: Unbounded memory growth with session handling in TLSv1.3 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2511 镜像层: sha256:ea4a8e02c19d3109db71970f3ba902ff4a4c2b1e7f6c3054947e0d6e3dca38ce 发布日期: 2024-04-08 14:15 修改: 2024-10-14 15:15
libssl1.1	CVE-2024-4741	低危	1.1.1f-1ubuntu2.19	1.1.1f-1ubuntu2.23	openssl: Use After Free with SSL_free_buffers 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4741 镜像层: sha256:ea4a8e02c19d3109db71970f3ba902ff4a4c2b1e7f6c3054947e0d6e3dca38ce 发布日期: 2024-11-13 11:15 修改: 2024-11-13 17:01
libssl1.1	CVE-2024-5535	低危	1.1.1f-1ubuntu2.19	1.1.1f-1ubuntu2.23	openssl: SSL_select_next_proto buffer overread 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-5535 镜像层: sha256:ea4a8e02c19d3109db71970f3ba902ff4a4c2b1e7f6c3054947e0d6e3dca38ce 发布日期: 2024-06-27 11:15 修改: 2024-07-12 14:15
libsystemd0	CVE-2023-26604	低危	245.4-4ubuntu3.22		systemd: privilege escalation via the less pager 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-26604 镜像层: sha256:ea4a8e02c19d3109db71970f3ba902ff4a4c2b1e7f6c3054947e0d6e3dca38ce 发布日期: 2023-03-03 16:15 修改: 2023-11-07 04:09
python3.8	CVE-2024-4032	低危	3.8.10-0ubuntu1~20.04.8	3.8.10-0ubuntu1~20.04.11	python: incorrect IPv4 and IPv6 private ranges 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4032 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-06-17 15:15 修改: 2024-08-29 21:35
python3.8	CVE-2024-7592	低危	3.8.10-0ubuntu1~20.04.8	3.8.10-0ubuntu1~20.04.12	cpython: python: Uncontrolled CPU resource consumption when in http.cookies module 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7592 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-08-19 19:15 修改: 2024-09-04 21:15
libsystemd0	CVE-2023-7008	低危	245.4-4ubuntu3.22		systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yes 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-7008 镜像层: sha256:ea4a8e02c19d3109db71970f3ba902ff4a4c2b1e7f6c3054947e0d6e3dca38ce 发布日期: 2023-12-23 13:15 修改: 2024-11-22 12:15
libcurl4	CVE-2023-38546	低危	7.68.0-1ubuntu2.18	7.68.0-1ubuntu2.20	curl: cookie injection with none file 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-38546 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-10-18 04:15 修改: 2024-07-09 14:15
libkrb5support0	CVE-2024-26458	低危	1.17-6ubuntu4.3		krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26458 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-02-29 01:44 修改: 2024-12-06 21:15
libkrb5support0	CVE-2024-26461	低危	1.17-6ubuntu4.3		krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26461 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-02-29 01:44 修改: 2024-08-14 16:35
libldap-2.4-2	CVE-2023-2953	低危	2.4.49+dfsg-2ubuntu1.9	2.4.49+dfsg-2ubuntu1.10	openldap: null pointer dereference in ber_memalloc_x function 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2953 镜像层: sha256:ea4a8e02c19d3109db71970f3ba902ff4a4c2b1e7f6c3054947e0d6e3dca38ce 发布日期: 2023-05-30 22:15 修改: 2025-01-10 22:15
libldap-common	CVE-2023-2953	低危	2.4.49+dfsg-2ubuntu1.9	2.4.49+dfsg-2ubuntu1.10	openldap: null pointer dereference in ber_memalloc_x function 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2953 镜像层: sha256:ea4a8e02c19d3109db71970f3ba902ff4a4c2b1e7f6c3054947e0d6e3dca38ce 发布日期: 2023-05-30 22:15 修改: 2025-01-10 22:15
libcurl4	CVE-2024-11053	低危	7.68.0-1ubuntu2.18	7.68.0-1ubuntu2.25	curl: curl netrc password leak 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-11053 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-12-11 08:15 修改: 2024-12-15 17:15
libncurses5	CVE-2023-45918	低危	6.2-0ubuntu2.1		ncurses: NULL pointer dereference in tgetstr in tinfo/lib_termcap.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45918 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-02-16 22:15 修改: 2024-11-21 21:15
libncurses5	CVE-2023-50495	低危	6.2-0ubuntu2.1		ncurses: segmentation fault via _nc_wrap_entry() 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-50495 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-12-12 15:15 修改: 2024-01-31 03:15
libtiff5	CVE-2023-1916	低危	4.1.0+git191117-2ubuntu0.20.04.8	4.1.0+git191117-2ubuntu0.20.04.10	libtiff: out-of-bounds read in extractImageSection() in tools/tiffcrop.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-1916 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-04-10 22:15 修改: 2023-12-23 07:15
python3.8-minimal	CVE-2024-4032	低危	3.8.10-0ubuntu1~20.04.8	3.8.10-0ubuntu1~20.04.11	python: incorrect IPv4 and IPv6 private ranges 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4032 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-06-17 15:15 修改: 2024-08-29 21:35
python3.8-minimal	CVE-2024-7592	低危	3.8.10-0ubuntu1~20.04.8	3.8.10-0ubuntu1~20.04.12	cpython: python: Uncontrolled CPU resource consumption when in http.cookies module 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7592 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-08-19 19:15 修改: 2024-09-04 21:15
libtiff5	CVE-2023-26965	低危	4.1.0+git191117-2ubuntu0.20.04.8	4.1.0+git191117-2ubuntu0.20.04.9	libtiff: heap-based use after free via a crafted TIFF image in loadImage() in tiffcrop.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-26965 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-06-14 21:15 修改: 2025-01-06 17:15
libtiff5	CVE-2023-3164	低危	4.1.0+git191117-2ubuntu0.20.04.8	4.1.0+git191117-2ubuntu0.20.04.13	libtiff: heap-buffer-overflow in extractImageSection() 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3164 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-11-02 12:15 修改: 2024-03-08 19:38
libtiff5	CVE-2023-3316	低危	4.1.0+git191117-2ubuntu0.20.04.8	4.1.0+git191117-2ubuntu0.20.04.9	libtiff: tiffcrop: null pointer dereference in TIFFClose() 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3316 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-06-19 12:15 修改: 2023-08-01 02:15
libtiff5	CVE-2023-3576	低危	4.1.0+git191117-2ubuntu0.20.04.8	4.1.0+git191117-2ubuntu0.20.04.11	libtiff: memory leak in tiffcrop.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3576 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-10-04 19:15 修改: 2024-09-16 13:15
libtiff5	CVE-2023-6228	低危	4.1.0+git191117-2ubuntu0.20.04.8	4.1.0+git191117-2ubuntu0.20.04.12	libtiff: heap-based buffer overflow in cpStripToTile() in tools/tiffcp.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6228 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-12-18 14:15 修改: 2024-10-11 16:15
libtiff5	CVE-2023-6277	低危	4.1.0+git191117-2ubuntu0.20.04.8	4.1.0+git191117-2ubuntu0.20.04.12	libtiff: Out-of-memory in TIFFOpen via a craft file 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6277 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-11-24 19:15 修改: 2024-09-17 01:15
libtiff5	CVE-2024-6716	低危	4.1.0+git191117-2ubuntu0.20.04.8		漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6716 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-07-15 15:15 修改: 2024-09-04 14:15
libtinfo5	CVE-2023-45918	低危	6.2-0ubuntu2.1		ncurses: NULL pointer dereference in tgetstr in tinfo/lib_termcap.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45918 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2024-02-16 22:15 修改: 2024-11-21 21:15
libtinfo5	CVE-2023-50495	低危	6.2-0ubuntu2.1		ncurses: segmentation fault via _nc_wrap_entry() 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-50495 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-12-12 15:15 修改: 2024-01-31 03:15
libtinfo6	CVE-2023-45918	低危	6.2-0ubuntu2.1		ncurses: NULL pointer dereference in tgetstr in tinfo/lib_termcap.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45918 镜像层: sha256:ec66d8cea54a2f4dfbbd8342ce082503bf8541e996a800c0d724b8dd2fea7f6a 发布日期: 2024-02-16 22:15 修改: 2024-11-21 21:15
libtinfo6	CVE-2023-50495	低危	6.2-0ubuntu2.1		ncurses: segmentation fault via _nc_wrap_entry() 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-50495 镜像层: sha256:ec66d8cea54a2f4dfbbd8342ce082503bf8541e996a800c0d724b8dd2fea7f6a 发布日期: 2023-12-12 15:15 修改: 2024-01-31 03:15
libudev1	CVE-2023-26604	低危	245.4-4ubuntu3.22		systemd: privilege escalation via the less pager 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-26604 镜像层: sha256:ea4a8e02c19d3109db71970f3ba902ff4a4c2b1e7f6c3054947e0d6e3dca38ce 发布日期: 2023-03-03 16:15 修改: 2023-11-07 04:09
libudev1	CVE-2023-7008	低危	245.4-4ubuntu3.22		systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yes 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-7008 镜像层: sha256:ea4a8e02c19d3109db71970f3ba902ff4a4c2b1e7f6c3054947e0d6e3dca38ce 发布日期: 2023-12-23 13:15 修改: 2024-11-22 12:15
libncurses6	CVE-2023-45918	低危	6.2-0ubuntu2.1		ncurses: NULL pointer dereference in tgetstr in tinfo/lib_termcap.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45918 镜像层: sha256:ec66d8cea54a2f4dfbbd8342ce082503bf8541e996a800c0d724b8dd2fea7f6a 发布日期: 2024-02-16 22:15 修改: 2024-11-21 21:15
libncurses6	CVE-2023-50495	低危	6.2-0ubuntu2.1		ncurses: segmentation fault via _nc_wrap_entry() 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-50495 镜像层: sha256:ec66d8cea54a2f4dfbbd8342ce082503bf8541e996a800c0d724b8dd2fea7f6a 发布日期: 2023-12-12 15:15 修改: 2024-01-31 03:15
libncursesw6	CVE-2023-45918	低危	6.2-0ubuntu2.1		ncurses: NULL pointer dereference in tgetstr in tinfo/lib_termcap.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45918 镜像层: sha256:ec66d8cea54a2f4dfbbd8342ce082503bf8541e996a800c0d724b8dd2fea7f6a 发布日期: 2024-02-16 22:15 修改: 2024-11-21 21:15
libncursesw6	CVE-2023-50495	低危	6.2-0ubuntu2.1		ncurses: segmentation fault via _nc_wrap_entry() 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-50495 镜像层: sha256:ec66d8cea54a2f4dfbbd8342ce082503bf8541e996a800c0d724b8dd2fea7f6a 发布日期: 2023-12-12 15:15 修改: 2024-01-31 03:15
gpgsm	CVE-2022-3219	低危	2.2.19-3ubuntu2.2		gnupg: denial of service issue (resource consumption) using compressed packets 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3219 镜像层: sha256:ea4a8e02c19d3109db71970f3ba902ff4a4c2b1e7f6c3054947e0d6e3dca38ce 发布日期: 2023-02-23 20:15 修改: 2023-05-26 16:31
libelf1	CVE-2021-33294	低危	0.176-1.1build1	0.176-1.1ubuntu0.1	elfutils: an infinite loop was found in the function handle_symtab in readelf.c which causes denial of service 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-33294 镜像层: sha256:fd0567dc5f0046077aed9c61301cdbf95a9333d1b8f283f95eb4363a2a9c89a8 发布日期: 2023-07-18 14:15 修改: 2023-07-27 15:19

Java (jar)

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

Node.js (node-pkg)

低危漏洞:2

中危漏洞:5

高危漏洞:13

严重漏洞:3

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
handlebars	CVE-2019-19919	严重	1.0.0	4.3.0, 3.0.8	nodejs-handlebars: prototype pollution leading to remote code execution via crafted payloads 漏洞详情: https://avd.aquasec.com/nvd/cve-2019-19919 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2019-12-20 23:15 修改: 2022-06-03 18:48
handlebars	CVE-2021-23369	严重	1.0.0	4.7.7	nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23369 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2021-04-12 14:15 修改: 2021-06-08 13:54
handlebars	CVE-2021-23383	严重	1.0.0	4.7.7	nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23383 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2021-05-04 09:15 修改: 2021-12-03 19:59
diff	GHSA-h6ch-v84p-w6p9	高危	1.0.0	3.5.0	Regular Expression Denial of Service (ReDoS) 漏洞详情: https://github.com/advisories/GHSA-h6ch-v84p-w6p9 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
handlebars	CVE-2019-20920	高危	1.0.0	3.0.8, 4.5.3	nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript execution 漏洞详情: https://avd.aquasec.com/nvd/cve-2019-20920 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2020-09-30 18:15 修改: 2020-10-15 17:35
handlebars	GHSA-2cf5-4w76-r9qv	高危	1.0.0	3.0.8, 4.5.2	Arbitrary Code Execution in handlebars 漏洞详情: https://github.com/advisories/GHSA-2cf5-4w76-r9qv 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
handlebars	GHSA-g9r4-xpmj-mj65	高危	1.0.0	3.0.8, 4.5.3	Prototype Pollution in handlebars 漏洞详情: https://github.com/advisories/GHSA-g9r4-xpmj-mj65 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
handlebars	GHSA-q2c6-c6pm-g3gh	高危	1.0.0	3.0.8, 4.5.3	Arbitrary Code Execution in handlebars 漏洞详情: https://github.com/advisories/GHSA-q2c6-c6pm-g3gh 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
handlebars	GHSA-q42p-pg8m-cqh6	高危	1.0.0	4.1.2, 4.0.14, 3.0.7	Prototype Pollution in handlebars 漏洞详情: https://github.com/advisories/GHSA-q42p-pg8m-cqh6 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
ini	CVE-2020-7788	高危	1.0.0	1.3.6	nodejs-ini: Prototype pollution via malicious INI file 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7788 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2020-12-11 11:15 修改: 2022-12-02 19:40
json	CVE-2020-7712	高危	1.0.0	10.0.0	trentm/json vulnerable to command injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7712 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2020-08-30 08:15 修改: 2023-11-07 03:26
npm	CVE-2018-7408	高危	1.0.1	5.7.1	Incorrect Permission Assignment for Critical Resource in NPM 漏洞详情: https://avd.aquasec.com/nvd/cve-2018-7408 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2018-02-22 18:29 修改: 2019-10-03 00:03
npm	CVE-2019-16775	高危	1.0.1	6.13.3	npm: Symlink reference outside of node_modules folder through the bin field upon installation 漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16775 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2019-12-13 01:15 修改: 2023-11-07 03:05
npm	CVE-2019-16776	高危	1.0.1	6.13.3	npm: Arbitrary file write via constructed entry in the package.json bin field 漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16776 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2019-12-13 01:15 修改: 2023-11-07 03:05
npm	CVE-2019-16777	高危	1.0.1	6.13.4	npm: Global node_modules Binary Overwrite 漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16777 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2019-12-13 01:15 修改: 2023-11-07 03:05
pug	CVE-2021-21353	高危	1.0.0	3.0.1	pug: user provided objects as input to pug templates can achieve remote code execution 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-21353 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2021-03-03 02:15 修改: 2021-03-09 15:35
handlebars	NSWG-ECO-519	中危	1.0.0	>=4.6.0	Denial of Service 漏洞详情: https://hackerone.com/reports/726364 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
npm	CVE-2016-3956	中危	1.0.1	>= 2.15.1 <= 3.0.0, >= 3.8.3	npm: bearer token leak to non-registry hosts 漏洞详情: https://avd.aquasec.com/nvd/cve-2016-3956 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2016-07-02 14:59 修改: 2021-06-15 16:30
npm	CVE-2020-15095	中危	1.0.1	6.14.6	npm: sensitive information exposure through logs 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-15095 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2020-07-07 19:15 修改: 2023-11-07 03:17
handlebars	CVE-2015-8861	中危	1.0.0	>=4.0.0	The handlebars package before 4.0.0 for Node.js allows remote attacker ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2015-8861 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2017-01-23 21:59 修改: 2020-04-22 12:54
pug	CVE-2024-36361	中危	1.0.0	3.0.3	Pug allows JavaScript code execution if an application accepts untrusted input 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-36361 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-05-24 06:15 修改: 2024-08-02 04:17
markdown	GHSA-wx77-rp39-c6vg	低危	1.0.0		Regular Expression Denial of Service in markdown 漏洞详情: https://github.com/advisories/GHSA-wx77-rp39-c6vg 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
npm	CVE-2013-4116	低危	1.0.1	>=1.3.3	npm: Insecure temporary directory generation 漏洞详情: https://avd.aquasec.com/nvd/cve-2013-4116 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2014-04-22 14:23 修改: 2020-10-14 13:21

Ruby (gemspec)

低危漏洞:5

中危漏洞:49

高危漏洞:15

严重漏洞:4

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
omniauth-saml	CVE-2024-45409	严重	2.0.0	>= 1.10.5, < 2.0.0, ~> 2.1.2, >= 2.2.1	The Ruby SAML library is for implementing the client side of a SAML au ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45409 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-09-10 19:15 修改: 2024-09-20 14:13
omniauth-saml	GHSA-cvp8-5r8g-fhvq	严重	2.0.0	2.1.2, 1.10.5, 2.2.1	omniauth-saml vulnerable to Improper Verification of Cryptographic Signature 漏洞详情: https://github.com/advisories/GHSA-cvp8-5r8g-fhvq 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
ruby-saml	CVE-2024-45409	严重	1.13.0	~> 1.12.3, >= 1.17.0	The Ruby SAML library is for implementing the client side of a SAML au ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45409 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-09-10 19:15 修改: 2024-09-20 14:13
stringio	CVE-2024-27280	严重	3.0.1	>= 3.0.1.1	ruby: Buffer overread vulnerability in StringIO 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-27280 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-05-14 15:11 修改: 2024-07-03 01:50
git	CVE-2022-47318	高危	1.11.0	>= 1.13.0	ruby-git: code injection vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-47318 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-01-17 10:15 修改: 2023-11-07 03:56
google-protobuf	CVE-2024-7254	高危	3.22.3	~> 3.25.5, ~> 4.27.5, >= 4.28.2	protobuf: StackOverflow vulnerability in Protocol Buffers 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7254 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-09-19 01:15 修改: 2024-12-13 14:15
grpc	CVE-2023-1428	高危	1.42.0	>= 1.53.0	gRPC: Reachable Assertion 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-1428 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-06-09 11:15 修改: 2023-06-15 22:17
grpc	CVE-2023-32731	高危	1.42.0	>= 1.53.1	gRPC: sensitive information disclosure 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-32731 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-06-09 11:15 修改: 2023-06-15 22:18
grpc	CVE-2023-33953	高危	1.42.0	~> 1.53.2, ~> 1.54.3, ~> 1.55.2, >= 1.56.2	gRPC: hpack table accounting errors can lead to denial of service 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-33953 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-08-09 13:15 修改: 2023-08-17 14:15
RedCloth	CVE-2023-31606	高危	4.3.2	4.3.3	RedCloth: Regular expression denial of service in sanitize_html function 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-31606 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-06-06 17:15 修改: 2024-01-10 14:15
actionview	CVE-2023-23913	高危	6.1.7.2	~> 6.1.7.3, >= 7.0.4.3	rails: DOM Based Cross-site Scripting in rails-ujs for contenteditable HTML Elements 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-23913 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2025-01-09 01:15 修改: 2025-01-09 18:15
rexml	CVE-2024-49761	高危	3.2.5	>= 3.3.9	rexml: REXML ReDoS vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-49761 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-10-28 15:15 修改: 2024-12-27 16:15
rexml	CVE-2024-49761	高危	3.2.5	>= 3.3.9	rexml: REXML ReDoS vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-49761 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-10-28 15:15 修改: 2024-12-27 16:15
rexml	CVE-2024-49761	高危	3.2.5	>= 3.3.9	rexml: REXML ReDoS vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-49761 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-10-28 15:15 修改: 2024-12-27 16:15
commonmarker	GHSA-48wp-p9qv-4j64	高危	0.23.6	>= 0.23.9	Commonmarker vulnerable to to several quadratic complexity bugs that may lead to denial of service 漏洞详情: https://github.com/advisories/GHSA-48wp-p9qv-4j64 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
sanitize	CVE-2023-36823	高危	6.0.0	>= 6.0.2	Sanitize is an allowlist-based HTML and CSS sanitizer. Using carefully ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-36823 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-07-06 16:15 修改: 2023-12-22 15:15
git	CVE-2022-47318	高危	1.11.0	>= 1.13.0	ruby-git: code injection vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-47318 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-01-17 10:15 修改: 2023-11-07 03:56
webrick	CVE-2024-47220	高危	1.7.0	>= 1.8.2	WEBrick: HTTP request smuggling 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47220 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-09-22 01:15 修改: 2025-01-09 18:15
webrick	CVE-2024-47220	高危	1.8.1	>= 1.8.2	WEBrick: HTTP request smuggling 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47220 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-09-22 01:15 修改: 2025-01-09 18:15
activestorage	CVE-2024-26144	中危	6.1.7.2	~> 6.1.7, >= 6.1.7.7, >= 7.0.8.1	rubygem-activestorage: Possible Sensitive Session Information Leak in Active Storage 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26144 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-02-27 16:15 修改: 2024-06-10 16:15
activesupport	CVE-2023-28120	中危	6.1.7.2	~> 6.1.7, >= 6.1.7.3, >= 7.0.4.3	rubygem-activesupport: Possible XSS in SafeBuffer#bytesplice 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-28120 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2025-01-09 01:15 修改: 2025-01-09 22:15
activesupport	CVE-2023-38037	中危	6.1.7.2	~> 6.1.7, >= 6.1.7.5, >= 7.0.7.1	rubygem-activesupport: File Disclosure of Locally Encrypted Files 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-38037 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2025-01-09 01:15 修改: 2025-01-09 22:15
carrierwave	CVE-2023-49090	中危	1.3.3	~> 2.2.5, >= 3.0.5	CarrierWave is a solution for file uploads for Rails, Sinatra and othe ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-49090 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-11-29 15:15 修改: 2023-12-05 16:25
grpc	CVE-2023-32732	中危	1.42.0	>= 1.53.0	gRPC: denial of service 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-32732 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-06-09 11:15 修改: 2023-08-02 16:43
httparty	CVE-2024-22049	中危	0.20.0	>= 0.21.0	httparty before 0.21.0 is vulnerable to an assumed-immutable web param ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-22049 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-01-04 21:15 修改: 2024-01-23 19:15
httparty	CVE-2024-22049	中危	0.20.0	>= 0.21.0	httparty before 0.21.0 is vulnerable to an assumed-immutable web param ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-22049 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-01-04 21:15 修改: 2024-01-23 19:15
httparty	GHSA-5pq7-52mg-hr42	中危	0.20.0	>= 0.21.0	httparty has multipart/form-data request tampering vulnerability 漏洞详情: https://github.com/advisories/GHSA-5pq7-52mg-hr42 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
httparty	GHSA-5pq7-52mg-hr42	中危	0.20.0	>= 0.21.0	httparty has multipart/form-data request tampering vulnerability 漏洞详情: https://github.com/advisories/GHSA-5pq7-52mg-hr42 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
json-jwt	CVE-2023-51774	中危	1.15.3	~> 1.15.3, >= 1.15.3.1, >= 1.16.6	json-jwt: bypass of identity checks via a sign/encryption confusion attack 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-51774 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-02-29 01:42 修改: 2024-08-26 20:35
nokogiri	GHSA-vcc3-rw6f-jv97	中危	1.14.3	1.15.6, 1.16.2	Use-after-free in libxml2 via Nokogiri::XML::Reader 漏洞详情: https://github.com/advisories/GHSA-vcc3-rw6f-jv97 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
nokogiri	GHSA-xc9x-jj77-9p9j	中危	1.14.3	~> 1.15.6, >= 1.16.2	Use-after-free in libxml2 via Nokogiri::XML::Reader 漏洞详情: https://github.com/advisories/GHSA-xc9x-jj77-9p9j 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
carrierwave	CVE-2024-29034	中危	1.3.3	~> 2.2.6, >= 3.0.7	CarrierWave content-Type allowlist bypass vulnerability which possibly leads to XSS remained 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29034 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-24 20:15 修改: 2024-03-25 01:51
actionpack	CVE-2024-28103	中危	6.1.7.2	~> 6.1.7, >= 6.1.7.8, ~> 7.0.8, >= 7.0.8.4, ~> 7.1.3, >= 7.1.3.4, >= 7.2.0.beta2	rubygem-actionpack: Missing security headers in Action Pack on non-HTML responses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28103 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-06-04 20:15 修改: 2024-12-06 14:15
puma	CVE-2023-40175	中危	5.6.5	~> 5.6.7, >= 6.3.1	rubygem-puma: HTTP request smuggling when parsing chunked transfer encoding bodies and zero-length content-length headers 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-40175 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-08-18 22:15 修改: 2023-08-24 18:48
puma	CVE-2024-21647	中危	5.6.5	~> 5.6.8, >= 6.4.2	rubygem-puma: HTTP request smuggling when parsing chunked Transfer-Encoding Bodies 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21647 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-01-08 14:15 修改: 2024-01-11 17:31
puma	CVE-2024-45614	中危	5.6.5	~> 5.6.9, >= 6.4.3	rubygem-puma: Header normalization allows for client to clobber proxy set headers 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45614 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-09-19 23:15 修改: 2024-09-26 13:28
rack	CVE-2024-25126	中危	2.2.6.4	~> 2.2.8, >= 2.2.8.1, >= 3.0.9.1	rubygem-rack: Denial of Service Vulnerability in Rack Content-Type Parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-25126 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-02-29 00:15 修改: 2024-06-10 18:15
rack	CVE-2024-26141	中危	2.2.6.4	~> 2.2.8, >= 2.2.8.1, >= 3.0.9.1	rubygem-rack: Possible DoS Vulnerability with Range Header in Rack 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26141 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-02-29 00:15 修改: 2024-06-10 17:16
rack	CVE-2024-26146	中危	2.2.6.4	~> 2.0.9, >= 2.0.9.4, ~> 2.1.4, >= 2.1.4.4, ~> 2.2.8, >= 2.2.8.1, >= 3.0.9.1	rubygem-rack: Possible Denial of Service Vulnerability in Rack Header Parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26146 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-02-29 00:15 修改: 2024-06-10 18:15
rdoc	CVE-2024-27281	中危	6.3.2	~> 6.3.4, >= 6.3.4.1, ~> 6.4.1, >= 6.4.1.1, >= 6.5.1.1	ruby: RCE vulnerability with .rdoc_options in RDoc 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-27281 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-05-14 15:11 修改: 2024-08-20 14:35
rdoc	CVE-2024-27281	中危	6.3.3	~> 6.3.4, >= 6.3.4.1, ~> 6.4.1, >= 6.4.1.1, >= 6.5.1.1	ruby: RCE vulnerability with .rdoc_options in RDoc 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-27281 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-05-14 15:11 修改: 2024-08-20 14:35
commonmarker	GHSA-636f-xm5j-pj9m	中危	0.23.6	>= 0.23.7	Several quadratic complexity bugs may lead to denial of service in Commonmarker 漏洞详情: https://github.com/advisories/GHSA-636f-xm5j-pj9m 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
commonmarker	GHSA-7vh7-fw88-wj87	中危	0.23.6	>= 0.23.10	Several quadratic complexity bugs may lead to denial of service in Commonmarker 漏洞详情: https://github.com/advisories/GHSA-7vh7-fw88-wj87 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
devise-two-factor	CVE-2024-8796	中危	4.0.2	>= 6.0.0	Under the default configuration, Devise-Two-Factor versions >= 2.2.0 & ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-8796 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-09-17 18:15 修改: 2024-09-30 14:10
rexml	CVE-2024-35176	中危	3.2.5	>= 3.2.7	REXML: DoS parsing an XML with many `<`s in an attribute value 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-35176 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-05-16 16:15 修改: 2024-05-17 18:36
rexml	CVE-2024-35176	中危	3.2.5	>= 3.2.7	REXML: DoS parsing an XML with many `<`s in an attribute value 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-35176 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-05-16 16:15 修改: 2024-05-17 18:36
rexml	CVE-2024-35176	中危	3.2.5	>= 3.2.7	REXML: DoS parsing an XML with many `<`s in an attribute value 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-35176 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-05-16 16:15 修改: 2024-05-17 18:36
rexml	CVE-2024-39908	中危	3.2.5	>= 3.3.2	rexml: DoS vulnerability in REXML 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-39908 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-07-16 18:15 修改: 2025-01-17 20:15
rexml	CVE-2024-39908	中危	3.2.5	>= 3.3.2	rexml: DoS vulnerability in REXML 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-39908 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-07-16 18:15 修改: 2025-01-17 20:15
rexml	CVE-2024-39908	中危	3.2.5	>= 3.3.2	rexml: DoS vulnerability in REXML 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-39908 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-07-16 18:15 修改: 2025-01-17 20:15
rexml	CVE-2024-41123	中危	3.2.5	>= 3.3.3	rexml: rubygem-rexml: DoS when parsing an XML having many specific characters such as whitespace character, >] and ]> 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-41123 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-08-01 15:15 修改: 2024-12-27 16:15
rexml	CVE-2024-41123	中危	3.2.5	>= 3.3.3	rexml: rubygem-rexml: DoS when parsing an XML having many specific characters such as whitespace character, >] and ]> 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-41123 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-08-01 15:15 修改: 2024-12-27 16:15
rexml	CVE-2024-41123	中危	3.2.5	>= 3.3.3	rexml: rubygem-rexml: DoS when parsing an XML having many specific characters such as whitespace character, >] and ]> 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-41123 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-08-01 15:15 修改: 2024-12-27 16:15
rexml	CVE-2024-41946	中危	3.2.5	>= 3.3.3	rexml: DoS vulnerability in REXML 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-41946 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-08-01 15:15 修改: 2025-01-17 20:15
rexml	CVE-2024-41946	中危	3.2.5	>= 3.3.3	rexml: DoS vulnerability in REXML 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-41946 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-08-01 15:15 修改: 2025-01-17 20:15
rexml	CVE-2024-41946	中危	3.2.5	>= 3.3.3	rexml: DoS vulnerability in REXML 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-41946 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-08-01 15:15 修改: 2025-01-17 20:15
rexml	CVE-2024-43398	中危	3.2.5	>= 3.3.6	rexml: DoS vulnerability in REXML 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-43398 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-08-22 15:15 修改: 2025-01-03 12:15
rexml	CVE-2024-43398	中危	3.2.5	>= 3.3.6	rexml: DoS vulnerability in REXML 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-43398 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-08-22 15:15 修改: 2025-01-03 12:15
rexml	CVE-2024-43398	中危	3.2.5	>= 3.3.6	rexml: DoS vulnerability in REXML 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-43398 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-08-22 15:15 修改: 2025-01-03 12:15
fugit	CVE-2024-43380	中危	1.8.1	>= 1.11.1	fugit: Improper input validation in "natural" parser may lead to DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-43380 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-08-19 15:15 修改: 2024-08-21 12:38
actionpack	CVE-2024-54133	中危	6.1.7.2	~> 7.0.8.7, ~> 7.1.5.1, ~> 7.2.2.1, >= 8.0.0.1	actionpack: Possible Content Security Policy bypass in Action Dispatch 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-54133 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-12-10 23:15 修改: 2024-12-10 23:15
sanitize	CVE-2023-23627	中危	6.0.0	>= 6.0.1	Sanitize is an allowlist-based HTML and CSS sanitizer. Versions 5.0.0 ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-23627 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-01-28 00:15 修改: 2023-02-06 19:05
sidekiq	CVE-2023-26141	中危	6.5.7	~> 6.5.10, >= 7.1.3	sidekiq: DoS in dashboard-charts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-26141 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-09-14 05:15 修改: 2024-09-25 19:35
actionpack	CVE-2023-28362	中危	6.1.7.2	~> 6.1.7.4, >= 7.0.5.1	actionpack: Possible XSS via User Supplied Values to redirect_to 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-28362 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2025-01-09 01:15 修改: 2025-01-09 22:15
uri	CVE-2023-36617	中危	0.10.2	~> 0.10.0.3, ~> 0.10.3, ~> 0.11.2, >= 0.12.2	rubygem-uri: ReDoS vulnerability - upstream's incomplete fix for CVE-2023-28755 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-36617 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-06-29 13:15 修改: 2024-05-04 03:15
view_component	CVE-2024-21636	中危	2.74.1	~> 2.83.0, >= 3.9.0	view_component Cross-site Scripting vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21636 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-01-04 20:15 修改: 2024-01-10 15:45
git	CVE-2022-46648	中危	1.11.0	>= 1.13.0	ruby-git: code injection vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-46648 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-01-17 10:15 修改: 2023-02-02 18:45
git	CVE-2022-46648	中危	1.11.0	>= 1.13.0	ruby-git: code injection vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-46648 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-01-17 10:15 修改: 2023-02-02 18:45
actionpack	CVE-2024-41128	低危	6.1.7.2	~> 6.1.7.9, ~> 7.0.8.5, ~> 7.1.4, >= 7.1.4.1, >= 7.2.1.1	rubygem-actionpack: Possible ReDoS vulnerability in query parameter filtering in Action Dispatch 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-41128 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-10-16 18:15 修改: 2024-10-18 12:53
actionpack	CVE-2024-47887	低危	6.1.7.2	~> 6.1.7.9, ~> 7.0.8.5, ~> 7.1.4, >= 7.1.4.1, >= 7.2.1.1	rubygem-actionpack: Possible ReDoS vulnerability in HTTP Token authentication in Action Controller 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47887 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-10-16 20:15 修改: 2024-10-18 12:53
nokogiri	GHSA-r95h-9x8f-r3f7	低危	1.14.3	>= 1.16.5	Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459 漏洞详情: https://github.com/advisories/GHSA-r95h-9x8f-r3f7 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
actiontext	CVE-2024-47888	低危	6.1.7.2	~> 6.1.7.9, ~> 7.0.8.5, ~> 7.1.4, >= 7.1.4.1, >= 7.2.1.1	rubygem-actiontext: Possible ReDoS vulnerability in plain_text_for_blockquote_node in Action Text 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47888 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-10-16 21:15 修改: 2024-10-18 12:53
actionmailer	CVE-2024-47889	低危	6.1.7.2	~> 6.1.7.9, ~> 7.0.8.5, ~> 7.1.4, >= 7.1.4.1, >= 7.2.1.1	rubygem-actionmailer: Possible ReDoS vulnerability in block_format in Action Mailer 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47889 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-10-16 21:15 修改: 2024-10-18 12:53

home/git/gitlab-shell/bin/check (gobinary)

低危漏洞:1

中危漏洞:21

高危漏洞:8

严重漏洞:1

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
stdlib	CVE-2024-24790	严重	1.20.5	1.21.11, 1.22.4	golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-06-05 16:15 修改: 2024-09-03 18:35
golang.org/x/net	CVE-2023-39325	高危	v0.5.0	0.17.0	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
golang.org/x/net	CVE-2024-45338	高危	v0.5.0	0.33.0	golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16
google.golang.org/grpc	GHSA-m425-mq94-257g	高危	v1.53.0	1.56.3, 1.57.1, 1.58.3	gRPC-Go HTTP/2 Rapid Reset vulnerability 漏洞详情: https://github.com/advisories/GHSA-m425-mq94-257g 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
golang.org/x/net	CVE-2022-41723	高危	v0.5.0	0.7.0	golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41723 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39325	高危	1.20.5	1.20.10, 1.21.3	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
stdlib	CVE-2023-45283	高危	1.20.5	1.20.11, 1.21.4, 1.20.12, 1.21.5	The filepath package does not recognize paths with a \??\ prefix as sp ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45283 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-11-09 17:15 修改: 2023-12-14 10:15
stdlib	CVE-2023-45288	高危	1.20.5	1.21.9, 1.22.2	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
stdlib	CVE-2024-34156	高危	1.20.5	1.22.7, 1.23.1	encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35
google.golang.org/protobuf	CVE-2024-24786	中危	v1.28.1	1.33.0	golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-11-07 17:35
golang.org/x/net	CVE-2023-3978	中危	v0.5.0	0.13.0	golang.org/x/net/html: Cross site scripting 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3978 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-08-02 20:15 修改: 2023-11-07 04:20
golang.org/x/net	CVE-2023-44487	中危	v0.5.0	0.17.0	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-10-10 14:15 修改: 2024-12-20 17:40
golang.org/x/net	CVE-2023-45288	中危	v0.5.0	0.23.0	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
github.com/hashicorp/go-retryablehttp	CVE-2024-6104	中危	v0.7.1	0.7.7	go-retryablehttp: url might write sensitive information to log file 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6104 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-06-24 17:15 修改: 2024-06-26 17:19
google.golang.org/grpc	CVE-2023-44487	中危	v1.53.0	1.58.3, 1.57.1, 1.56.3	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-10-10 14:15 修改: 2024-12-20 17:40
stdlib	CVE-2023-29406	中危	1.20.5	1.19.11, 1.20.6	golang: net/http: insufficient sanitization of Host header 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29406 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-07-11 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-29409	中危	1.20.5	1.19.12, 1.20.7, 1.21.0-rc.4	golang: crypto/tls: slow verification of certificate chains containing large RSA keys 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29409 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-08-02 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39318	中危	1.20.5	1.20.8, 1.21.1	golang: html/template: improper handling of HTML-like comments within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39318 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39319	中危	1.20.5	1.20.8, 1.21.1	golang: html/template: improper handling of special tags within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39319 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39326	中危	1.20.5	1.20.12, 1.21.5	golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39326 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-12-06 17:15 修改: 2024-01-20 04:15
stdlib	CVE-2023-45284	中危	1.20.5	1.20.11, 1.21.4	On Windows, The IsLocal function does not correctly detect reserved de ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45284 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-11-09 17:15 修改: 2024-09-03 19:35
stdlib	CVE-2023-45289	中危	1.20.5	1.21.8, 1.22.1	golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-11-04 19:35
stdlib	CVE-2023-45290	中危	1.20.5	1.21.8, 1.22.1	golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-11-07 11:35
stdlib	CVE-2024-24783	中危	1.20.5	1.21.8, 1.22.1	golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-11-05 17:35
stdlib	CVE-2024-24784	中危	1.20.5	1.21.8, 1.22.1	golang: net/mail: comments in display names are incorrectly handled 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-08-05 21:35
stdlib	CVE-2024-24785	中危	1.20.5	1.21.8, 1.22.1	golang: html/template: errors returned from MarshalJSON methods may break template escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-05-01 17:15
stdlib	CVE-2024-24789	中危	1.20.5	1.21.11, 1.22.4	golang: archive/zip: Incorrect handling of certain ZIP files 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-06-05 16:15 修改: 2024-07-03 01:48
stdlib	CVE-2024-24791	中危	1.20.5	1.21.12, 1.22.5	net/http: Denial of service due to improper 100-continue handling in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17
stdlib	CVE-2024-34155	中危	1.20.5	1.22.7, 1.23.1	go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-09-06 21:15 修改: 2024-11-04 17:35
stdlib	CVE-2024-34158	中危	1.20.5	1.22.7, 1.23.1	go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35
github.com/golang-jwt/jwt/v4	CVE-2024-51744	低危	v4.4.3	4.5.1	golang-jwt: Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations in golang-jwt 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-51744 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-11-04 22:15 修改: 2024-11-05 16:04

home/git/gitlab-shell/bin/gitlab-shell (gobinary)

低危漏洞:1

中危漏洞:21

高危漏洞:8

严重漏洞:1

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
stdlib	CVE-2024-24790	严重	1.20.5	1.21.11, 1.22.4	golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-06-05 16:15 修改: 2024-09-03 18:35
golang.org/x/net	CVE-2023-39325	高危	v0.5.0	0.17.0	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
golang.org/x/net	CVE-2024-45338	高危	v0.5.0	0.33.0	golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16
google.golang.org/grpc	GHSA-m425-mq94-257g	高危	v1.53.0	1.56.3, 1.57.1, 1.58.3	gRPC-Go HTTP/2 Rapid Reset vulnerability 漏洞详情: https://github.com/advisories/GHSA-m425-mq94-257g 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
golang.org/x/net	CVE-2022-41723	高危	v0.5.0	0.7.0	golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41723 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39325	高危	1.20.5	1.20.10, 1.21.3	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
stdlib	CVE-2023-45283	高危	1.20.5	1.20.11, 1.21.4, 1.20.12, 1.21.5	The filepath package does not recognize paths with a \??\ prefix as sp ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45283 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-11-09 17:15 修改: 2023-12-14 10:15
stdlib	CVE-2023-45288	高危	1.20.5	1.21.9, 1.22.2	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
stdlib	CVE-2024-34156	高危	1.20.5	1.22.7, 1.23.1	encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35
google.golang.org/protobuf	CVE-2024-24786	中危	v1.28.1	1.33.0	golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-11-07 17:35
golang.org/x/net	CVE-2023-3978	中危	v0.5.0	0.13.0	golang.org/x/net/html: Cross site scripting 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3978 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-08-02 20:15 修改: 2023-11-07 04:20
golang.org/x/net	CVE-2023-44487	中危	v0.5.0	0.17.0	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-10-10 14:15 修改: 2024-12-20 17:40
golang.org/x/net	CVE-2023-45288	中危	v0.5.0	0.23.0	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
github.com/hashicorp/go-retryablehttp	CVE-2024-6104	中危	v0.7.1	0.7.7	go-retryablehttp: url might write sensitive information to log file 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6104 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-06-24 17:15 修改: 2024-06-26 17:19
google.golang.org/grpc	CVE-2023-44487	中危	v1.53.0	1.58.3, 1.57.1, 1.56.3	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-10-10 14:15 修改: 2024-12-20 17:40
stdlib	CVE-2023-29406	中危	1.20.5	1.19.11, 1.20.6	golang: net/http: insufficient sanitization of Host header 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29406 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-07-11 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-29409	中危	1.20.5	1.19.12, 1.20.7, 1.21.0-rc.4	golang: crypto/tls: slow verification of certificate chains containing large RSA keys 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29409 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-08-02 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39318	中危	1.20.5	1.20.8, 1.21.1	golang: html/template: improper handling of HTML-like comments within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39318 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39319	中危	1.20.5	1.20.8, 1.21.1	golang: html/template: improper handling of special tags within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39319 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39326	中危	1.20.5	1.20.12, 1.21.5	golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39326 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-12-06 17:15 修改: 2024-01-20 04:15
stdlib	CVE-2023-45284	中危	1.20.5	1.20.11, 1.21.4	On Windows, The IsLocal function does not correctly detect reserved de ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45284 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-11-09 17:15 修改: 2024-09-03 19:35
stdlib	CVE-2023-45289	中危	1.20.5	1.21.8, 1.22.1	golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-11-04 19:35
stdlib	CVE-2023-45290	中危	1.20.5	1.21.8, 1.22.1	golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-11-07 11:35
stdlib	CVE-2024-24783	中危	1.20.5	1.21.8, 1.22.1	golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-11-05 17:35
stdlib	CVE-2024-24784	中危	1.20.5	1.21.8, 1.22.1	golang: net/mail: comments in display names are incorrectly handled 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-08-05 21:35
stdlib	CVE-2024-24785	中危	1.20.5	1.21.8, 1.22.1	golang: html/template: errors returned from MarshalJSON methods may break template escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-05-01 17:15
stdlib	CVE-2024-24789	中危	1.20.5	1.21.11, 1.22.4	golang: archive/zip: Incorrect handling of certain ZIP files 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-06-05 16:15 修改: 2024-07-03 01:48
stdlib	CVE-2024-24791	中危	1.20.5	1.21.12, 1.22.5	net/http: Denial of service due to improper 100-continue handling in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17
stdlib	CVE-2024-34155	中危	1.20.5	1.22.7, 1.23.1	go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-09-06 21:15 修改: 2024-11-04 17:35
stdlib	CVE-2024-34158	中危	1.20.5	1.22.7, 1.23.1	go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35
github.com/golang-jwt/jwt/v4	CVE-2024-51744	低危	v4.4.3	4.5.1	golang-jwt: Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations in golang-jwt 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-51744 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-11-04 22:15 修改: 2024-11-05 16:04

home/git/gitlab-shell/bin/gitlab-shell-authorized-keys-check (gobinary)

低危漏洞:1

中危漏洞:21

高危漏洞:8

严重漏洞:1

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
stdlib	CVE-2024-24790	严重	1.20.5	1.21.11, 1.22.4	golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-06-05 16:15 修改: 2024-09-03 18:35
golang.org/x/net	CVE-2023-39325	高危	v0.5.0	0.17.0	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
golang.org/x/net	CVE-2024-45338	高危	v0.5.0	0.33.0	golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16
google.golang.org/grpc	GHSA-m425-mq94-257g	高危	v1.53.0	1.56.3, 1.57.1, 1.58.3	gRPC-Go HTTP/2 Rapid Reset vulnerability 漏洞详情: https://github.com/advisories/GHSA-m425-mq94-257g 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
golang.org/x/net	CVE-2022-41723	高危	v0.5.0	0.7.0	golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41723 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39325	高危	1.20.5	1.20.10, 1.21.3	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
stdlib	CVE-2023-45283	高危	1.20.5	1.20.11, 1.21.4, 1.20.12, 1.21.5	The filepath package does not recognize paths with a \??\ prefix as sp ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45283 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-11-09 17:15 修改: 2023-12-14 10:15
stdlib	CVE-2023-45288	高危	1.20.5	1.21.9, 1.22.2	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
stdlib	CVE-2024-34156	高危	1.20.5	1.22.7, 1.23.1	encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35
google.golang.org/protobuf	CVE-2024-24786	中危	v1.28.1	1.33.0	golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-11-07 17:35
golang.org/x/net	CVE-2023-3978	中危	v0.5.0	0.13.0	golang.org/x/net/html: Cross site scripting 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3978 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-08-02 20:15 修改: 2023-11-07 04:20
golang.org/x/net	CVE-2023-44487	中危	v0.5.0	0.17.0	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-10-10 14:15 修改: 2024-12-20 17:40
golang.org/x/net	CVE-2023-45288	中危	v0.5.0	0.23.0	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
github.com/hashicorp/go-retryablehttp	CVE-2024-6104	中危	v0.7.1	0.7.7	go-retryablehttp: url might write sensitive information to log file 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6104 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-06-24 17:15 修改: 2024-06-26 17:19
google.golang.org/grpc	CVE-2023-44487	中危	v1.53.0	1.58.3, 1.57.1, 1.56.3	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-10-10 14:15 修改: 2024-12-20 17:40
stdlib	CVE-2023-29406	中危	1.20.5	1.19.11, 1.20.6	golang: net/http: insufficient sanitization of Host header 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29406 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-07-11 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-29409	中危	1.20.5	1.19.12, 1.20.7, 1.21.0-rc.4	golang: crypto/tls: slow verification of certificate chains containing large RSA keys 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29409 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-08-02 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39318	中危	1.20.5	1.20.8, 1.21.1	golang: html/template: improper handling of HTML-like comments within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39318 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39319	中危	1.20.5	1.20.8, 1.21.1	golang: html/template: improper handling of special tags within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39319 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39326	中危	1.20.5	1.20.12, 1.21.5	golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39326 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-12-06 17:15 修改: 2024-01-20 04:15
stdlib	CVE-2023-45284	中危	1.20.5	1.20.11, 1.21.4	On Windows, The IsLocal function does not correctly detect reserved de ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45284 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-11-09 17:15 修改: 2024-09-03 19:35
stdlib	CVE-2023-45289	中危	1.20.5	1.21.8, 1.22.1	golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-11-04 19:35
stdlib	CVE-2023-45290	中危	1.20.5	1.21.8, 1.22.1	golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-11-07 11:35
stdlib	CVE-2024-24783	中危	1.20.5	1.21.8, 1.22.1	golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-11-05 17:35
stdlib	CVE-2024-24784	中危	1.20.5	1.21.8, 1.22.1	golang: net/mail: comments in display names are incorrectly handled 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-08-05 21:35
stdlib	CVE-2024-24785	中危	1.20.5	1.21.8, 1.22.1	golang: html/template: errors returned from MarshalJSON methods may break template escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-05-01 17:15
stdlib	CVE-2024-24789	中危	1.20.5	1.21.11, 1.22.4	golang: archive/zip: Incorrect handling of certain ZIP files 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-06-05 16:15 修改: 2024-07-03 01:48
stdlib	CVE-2024-24791	中危	1.20.5	1.21.12, 1.22.5	net/http: Denial of service due to improper 100-continue handling in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17
stdlib	CVE-2024-34155	中危	1.20.5	1.22.7, 1.23.1	go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-09-06 21:15 修改: 2024-11-04 17:35
stdlib	CVE-2024-34158	中危	1.20.5	1.22.7, 1.23.1	go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35
github.com/golang-jwt/jwt/v4	CVE-2024-51744	低危	v4.4.3	4.5.1	golang-jwt: Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations in golang-jwt 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-51744 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-11-04 22:15 修改: 2024-11-05 16:04

home/git/gitlab-shell/bin/gitlab-shell-authorized-principals-check (gobinary)

低危漏洞:1

中危漏洞:21

高危漏洞:8

严重漏洞:1

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
stdlib	CVE-2024-24790	严重	1.20.5	1.21.11, 1.22.4	golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-06-05 16:15 修改: 2024-09-03 18:35
golang.org/x/net	CVE-2023-39325	高危	v0.5.0	0.17.0	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
golang.org/x/net	CVE-2024-45338	高危	v0.5.0	0.33.0	golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16
google.golang.org/grpc	GHSA-m425-mq94-257g	高危	v1.53.0	1.56.3, 1.57.1, 1.58.3	gRPC-Go HTTP/2 Rapid Reset vulnerability 漏洞详情: https://github.com/advisories/GHSA-m425-mq94-257g 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
golang.org/x/net	CVE-2022-41723	高危	v0.5.0	0.7.0	golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41723 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39325	高危	1.20.5	1.20.10, 1.21.3	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
stdlib	CVE-2023-45283	高危	1.20.5	1.20.11, 1.21.4, 1.20.12, 1.21.5	The filepath package does not recognize paths with a \??\ prefix as sp ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45283 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-11-09 17:15 修改: 2023-12-14 10:15
stdlib	CVE-2023-45288	高危	1.20.5	1.21.9, 1.22.2	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
stdlib	CVE-2024-34156	高危	1.20.5	1.22.7, 1.23.1	encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35
google.golang.org/protobuf	CVE-2024-24786	中危	v1.28.1	1.33.0	golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-11-07 17:35
golang.org/x/net	CVE-2023-3978	中危	v0.5.0	0.13.0	golang.org/x/net/html: Cross site scripting 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3978 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-08-02 20:15 修改: 2023-11-07 04:20
golang.org/x/net	CVE-2023-44487	中危	v0.5.0	0.17.0	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-10-10 14:15 修改: 2024-12-20 17:40
golang.org/x/net	CVE-2023-45288	中危	v0.5.0	0.23.0	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
github.com/hashicorp/go-retryablehttp	CVE-2024-6104	中危	v0.7.1	0.7.7	go-retryablehttp: url might write sensitive information to log file 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6104 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-06-24 17:15 修改: 2024-06-26 17:19
google.golang.org/grpc	CVE-2023-44487	中危	v1.53.0	1.58.3, 1.57.1, 1.56.3	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-10-10 14:15 修改: 2024-12-20 17:40
stdlib	CVE-2023-29406	中危	1.20.5	1.19.11, 1.20.6	golang: net/http: insufficient sanitization of Host header 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29406 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-07-11 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-29409	中危	1.20.5	1.19.12, 1.20.7, 1.21.0-rc.4	golang: crypto/tls: slow verification of certificate chains containing large RSA keys 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29409 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-08-02 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39318	中危	1.20.5	1.20.8, 1.21.1	golang: html/template: improper handling of HTML-like comments within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39318 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39319	中危	1.20.5	1.20.8, 1.21.1	golang: html/template: improper handling of special tags within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39319 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39326	中危	1.20.5	1.20.12, 1.21.5	golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39326 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-12-06 17:15 修改: 2024-01-20 04:15
stdlib	CVE-2023-45284	中危	1.20.5	1.20.11, 1.21.4	On Windows, The IsLocal function does not correctly detect reserved de ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45284 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-11-09 17:15 修改: 2024-09-03 19:35
stdlib	CVE-2023-45289	中危	1.20.5	1.21.8, 1.22.1	golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-11-04 19:35
stdlib	CVE-2023-45290	中危	1.20.5	1.21.8, 1.22.1	golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-11-07 11:35
stdlib	CVE-2024-24783	中危	1.20.5	1.21.8, 1.22.1	golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-11-05 17:35
stdlib	CVE-2024-24784	中危	1.20.5	1.21.8, 1.22.1	golang: net/mail: comments in display names are incorrectly handled 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-08-05 21:35
stdlib	CVE-2024-24785	中危	1.20.5	1.21.8, 1.22.1	golang: html/template: errors returned from MarshalJSON methods may break template escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-05-01 17:15
stdlib	CVE-2024-24789	中危	1.20.5	1.21.11, 1.22.4	golang: archive/zip: Incorrect handling of certain ZIP files 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-06-05 16:15 修改: 2024-07-03 01:48
stdlib	CVE-2024-24791	中危	1.20.5	1.21.12, 1.22.5	net/http: Denial of service due to improper 100-continue handling in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17
stdlib	CVE-2024-34155	中危	1.20.5	1.22.7, 1.23.1	go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-09-06 21:15 修改: 2024-11-04 17:35
stdlib	CVE-2024-34158	中危	1.20.5	1.22.7, 1.23.1	go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35
github.com/golang-jwt/jwt/v4	CVE-2024-51744	低危	v4.4.3	4.5.1	golang-jwt: Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations in golang-jwt 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-51744 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-11-04 22:15 修改: 2024-11-05 16:04

home/git/gitlab-shell/bin/gitlab-sshd (gobinary)

低危漏洞:1

中危漏洞:21

高危漏洞:8

严重漏洞:1

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
stdlib	CVE-2024-24790	严重	1.20.5	1.21.11, 1.22.4	golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-06-05 16:15 修改: 2024-09-03 18:35
golang.org/x/net	CVE-2023-39325	高危	v0.5.0	0.17.0	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
golang.org/x/net	CVE-2024-45338	高危	v0.5.0	0.33.0	golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16
google.golang.org/grpc	GHSA-m425-mq94-257g	高危	v1.53.0	1.56.3, 1.57.1, 1.58.3	gRPC-Go HTTP/2 Rapid Reset vulnerability 漏洞详情: https://github.com/advisories/GHSA-m425-mq94-257g 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
golang.org/x/net	CVE-2022-41723	高危	v0.5.0	0.7.0	golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41723 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39325	高危	1.20.5	1.20.10, 1.21.3	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
stdlib	CVE-2023-45283	高危	1.20.5	1.20.11, 1.21.4, 1.20.12, 1.21.5	The filepath package does not recognize paths with a \??\ prefix as sp ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45283 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-11-09 17:15 修改: 2023-12-14 10:15
stdlib	CVE-2023-45288	高危	1.20.5	1.21.9, 1.22.2	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
stdlib	CVE-2024-34156	高危	1.20.5	1.22.7, 1.23.1	encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35
google.golang.org/protobuf	CVE-2024-24786	中危	v1.28.1	1.33.0	golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-11-07 17:35
golang.org/x/net	CVE-2023-3978	中危	v0.5.0	0.13.0	golang.org/x/net/html: Cross site scripting 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3978 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-08-02 20:15 修改: 2023-11-07 04:20
golang.org/x/net	CVE-2023-44487	中危	v0.5.0	0.17.0	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-10-10 14:15 修改: 2024-12-20 17:40
golang.org/x/net	CVE-2023-45288	中危	v0.5.0	0.23.0	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
github.com/hashicorp/go-retryablehttp	CVE-2024-6104	中危	v0.7.1	0.7.7	go-retryablehttp: url might write sensitive information to log file 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6104 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-06-24 17:15 修改: 2024-06-26 17:19
google.golang.org/grpc	CVE-2023-44487	中危	v1.53.0	1.58.3, 1.57.1, 1.56.3	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-10-10 14:15 修改: 2024-12-20 17:40
stdlib	CVE-2023-29406	中危	1.20.5	1.19.11, 1.20.6	golang: net/http: insufficient sanitization of Host header 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29406 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-07-11 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-29409	中危	1.20.5	1.19.12, 1.20.7, 1.21.0-rc.4	golang: crypto/tls: slow verification of certificate chains containing large RSA keys 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29409 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-08-02 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39318	中危	1.20.5	1.20.8, 1.21.1	golang: html/template: improper handling of HTML-like comments within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39318 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39319	中危	1.20.5	1.20.8, 1.21.1	golang: html/template: improper handling of special tags within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39319 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39326	中危	1.20.5	1.20.12, 1.21.5	golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39326 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-12-06 17:15 修改: 2024-01-20 04:15
stdlib	CVE-2023-45284	中危	1.20.5	1.20.11, 1.21.4	On Windows, The IsLocal function does not correctly detect reserved de ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45284 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-11-09 17:15 修改: 2024-09-03 19:35
stdlib	CVE-2023-45289	中危	1.20.5	1.21.8, 1.22.1	golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-11-04 19:35
stdlib	CVE-2023-45290	中危	1.20.5	1.21.8, 1.22.1	golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-11-07 11:35
stdlib	CVE-2024-24783	中危	1.20.5	1.21.8, 1.22.1	golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-11-05 17:35
stdlib	CVE-2024-24784	中危	1.20.5	1.21.8, 1.22.1	golang: net/mail: comments in display names are incorrectly handled 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-08-05 21:35
stdlib	CVE-2024-24785	中危	1.20.5	1.21.8, 1.22.1	golang: html/template: errors returned from MarshalJSON methods may break template escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-05-01 17:15
stdlib	CVE-2024-24789	中危	1.20.5	1.21.11, 1.22.4	golang: archive/zip: Incorrect handling of certain ZIP files 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-06-05 16:15 修改: 2024-07-03 01:48
stdlib	CVE-2024-24791	中危	1.20.5	1.21.12, 1.22.5	net/http: Denial of service due to improper 100-continue handling in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17
stdlib	CVE-2024-34155	中危	1.20.5	1.22.7, 1.23.1	go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-09-06 21:15 修改: 2024-11-04 17:35
stdlib	CVE-2024-34158	中危	1.20.5	1.22.7, 1.23.1	go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35
github.com/golang-jwt/jwt/v4	CVE-2024-51744	低危	v4.4.3	4.5.1	golang-jwt: Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations in golang-jwt 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-51744 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-11-04 22:15 修改: 2024-11-05 16:04

usr/local/bin/gitaly (gobinary)

低危漏洞:1

中危漏洞:22

高危漏洞:10

严重漏洞:4

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
github.com/go-git/go-git/v5	CVE-2023-49569	严重	v5.4.2	5.11.0	go-git: Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-49569 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-01-12 11:15 修改: 2024-01-22 18:57
github.com/go-git/go-git/v5	CVE-2025-21613	严重	v5.4.2	5.13.0	go-git: argument injection via the URL field 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-21613 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2025-01-06 17:15 修改: 2025-01-06 17:15
golang.org/x/crypto	CVE-2024-45337	严重	v0.7.0	0.31.0	golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45337 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-12-12 02:02 修改: 2024-12-12 21:15
stdlib	CVE-2024-24790	严重	1.20.5	1.21.11, 1.22.4	golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-06-05 16:15 修改: 2024-09-03 18:35
github.com/go-git/go-git/v5	CVE-2025-21614	高危	v5.4.2	5.13.0	go-git: go-git clients vulnerable to DoS via maliciously crafted Git server replies 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-21614 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2025-01-06 17:15 修改: 2025-01-06 17:15
github.com/cloudflare/circl	GHSA-9763-4f94-gfch	高危	v1.2.0	1.3.7	CIRCL's Kyber: timing side-channel (kyberslash2) 漏洞详情: https://github.com/advisories/GHSA-9763-4f94-gfch 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
golang.org/x/net	CVE-2023-39325	高危	v0.8.0	0.17.0	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
golang.org/x/net	CVE-2024-45338	高危	v0.8.0	0.33.0	golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16
google.golang.org/grpc	GHSA-m425-mq94-257g	高危	v1.54.0	1.56.3, 1.57.1, 1.58.3	gRPC-Go HTTP/2 Rapid Reset vulnerability 漏洞详情: https://github.com/advisories/GHSA-m425-mq94-257g 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
github.com/go-git/go-git/v5	CVE-2023-49568	高危	v5.4.2	5.11.0	go-git: Maliciously crafted Git server replies can cause DoS on go-git clients 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-49568 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-01-12 11:15 修改: 2024-01-22 17:57
stdlib	CVE-2023-39325	高危	1.20.5	1.20.10, 1.21.3	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
stdlib	CVE-2023-45283	高危	1.20.5	1.20.11, 1.21.4, 1.20.12, 1.21.5	The filepath package does not recognize paths with a \??\ prefix as sp ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45283 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-11-09 17:15 修改: 2023-12-14 10:15
stdlib	CVE-2023-45288	高危	1.20.5	1.21.9, 1.22.2	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
stdlib	CVE-2024-34156	高危	1.20.5	1.22.7, 1.23.1	encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35
google.golang.org/grpc	CVE-2023-44487	中危	v1.54.0	1.58.3, 1.57.1, 1.56.3	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-10-10 14:15 修改: 2024-12-20 17:40
google.golang.org/protobuf	CVE-2024-24786	中危	v1.30.0	1.33.0	golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-11-07 17:35
golang.org/x/crypto	CVE-2023-48795	中危	v0.7.0	0.17.0	ssh: Prefix truncation attack on Binary Packet Protocol (BPP) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-48795 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-12-18 16:15 修改: 2024-12-02 14:54
golang.org/x/net	CVE-2023-3978	中危	v0.8.0	0.13.0	golang.org/x/net/html: Cross site scripting 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3978 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-08-02 20:15 修改: 2023-11-07 04:20
golang.org/x/net	CVE-2023-44487	中危	v0.8.0	0.17.0	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-10-10 14:15 修改: 2024-12-20 17:40
golang.org/x/net	CVE-2023-45288	中危	v0.8.0	0.23.0	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
github.com/cloudflare/circl	CVE-2023-1732	中危	v1.2.0	1.3.3	Improper random reading in CIRCL 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-1732 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-05-10 12:15 修改: 2023-05-17 17:04
stdlib	CVE-2023-29406	中危	1.20.5	1.19.11, 1.20.6	golang: net/http: insufficient sanitization of Host header 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29406 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-07-11 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-29409	中危	1.20.5	1.19.12, 1.20.7, 1.21.0-rc.4	golang: crypto/tls: slow verification of certificate chains containing large RSA keys 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29409 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-08-02 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39318	中危	1.20.5	1.20.8, 1.21.1	golang: html/template: improper handling of HTML-like comments within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39318 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39319	中危	1.20.5	1.20.8, 1.21.1	golang: html/template: improper handling of special tags within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39319 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39326	中危	1.20.5	1.20.12, 1.21.5	golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39326 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-12-06 17:15 修改: 2024-01-20 04:15
stdlib	CVE-2023-45284	中危	1.20.5	1.20.11, 1.21.4	On Windows, The IsLocal function does not correctly detect reserved de ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45284 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-11-09 17:15 修改: 2024-09-03 19:35
stdlib	CVE-2023-45289	中危	1.20.5	1.21.8, 1.22.1	golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-11-04 19:35
stdlib	CVE-2023-45290	中危	1.20.5	1.21.8, 1.22.1	golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-11-07 11:35
stdlib	CVE-2024-24783	中危	1.20.5	1.21.8, 1.22.1	golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-11-05 17:35
stdlib	CVE-2024-24784	中危	1.20.5	1.21.8, 1.22.1	golang: net/mail: comments in display names are incorrectly handled 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-08-05 21:35
stdlib	CVE-2024-24785	中危	1.20.5	1.21.8, 1.22.1	golang: html/template: errors returned from MarshalJSON methods may break template escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-05-01 17:15
stdlib	CVE-2024-24789	中危	1.20.5	1.21.11, 1.22.4	golang: archive/zip: Incorrect handling of certain ZIP files 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-06-05 16:15 修改: 2024-07-03 01:48
stdlib	CVE-2024-24791	中危	1.20.5	1.21.12, 1.22.5	net/http: Denial of service due to improper 100-continue handling in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17
stdlib	CVE-2024-34155	中危	1.20.5	1.22.7, 1.23.1	go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-09-06 21:15 修改: 2024-11-04 17:35
stdlib	CVE-2024-34158	中危	1.20.5	1.22.7, 1.23.1	go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35
github.com/golang-jwt/jwt/v4	CVE-2024-51744	低危	v4.5.0	4.5.1	golang-jwt: Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations in golang-jwt 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-51744 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-11-04 22:15 修改: 2024-11-05 16:04

usr/local/bin/gitaly-backup (gobinary)

低危漏洞:1

中危漏洞:22

高危漏洞:7

严重漏洞:2

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
golang.org/x/crypto	CVE-2024-45337	严重	v0.7.0	0.31.0	golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45337 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-12-12 02:02 修改: 2024-12-12 21:15
stdlib	CVE-2024-24790	严重	1.20.5	1.21.11, 1.22.4	golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-06-05 16:15 修改: 2024-09-03 18:35
golang.org/x/net	CVE-2024-45338	高危	v0.8.0	0.33.0	golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16
google.golang.org/grpc	GHSA-m425-mq94-257g	高危	v1.54.0	1.56.3, 1.57.1, 1.58.3	gRPC-Go HTTP/2 Rapid Reset vulnerability 漏洞详情: https://github.com/advisories/GHSA-m425-mq94-257g 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
golang.org/x/net	CVE-2023-39325	高危	v0.8.0	0.17.0	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
stdlib	CVE-2023-39325	高危	1.20.5	1.20.10, 1.21.3	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
stdlib	CVE-2023-45283	高危	1.20.5	1.20.11, 1.21.4, 1.20.12, 1.21.5	The filepath package does not recognize paths with a \??\ prefix as sp ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45283 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-11-09 17:15 修改: 2023-12-14 10:15
stdlib	CVE-2023-45288	高危	1.20.5	1.21.9, 1.22.2	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
stdlib	CVE-2024-34156	高危	1.20.5	1.22.7, 1.23.1	encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35
google.golang.org/grpc	CVE-2023-44487	中危	v1.54.0	1.58.3, 1.57.1, 1.56.3	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-10-10 14:15 修改: 2024-12-20 17:40
google.golang.org/protobuf	CVE-2024-24786	中危	v1.30.0	1.33.0	golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-11-07 17:35
golang.org/x/crypto	CVE-2023-48795	中危	v0.7.0	0.17.0	ssh: Prefix truncation attack on Binary Packet Protocol (BPP) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-48795 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-12-18 16:15 修改: 2024-12-02 14:54
golang.org/x/net	CVE-2023-3978	中危	v0.8.0	0.13.0	golang.org/x/net/html: Cross site scripting 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3978 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-08-02 20:15 修改: 2023-11-07 04:20
golang.org/x/net	CVE-2023-44487	中危	v0.8.0	0.17.0	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-10-10 14:15 修改: 2024-12-20 17:40
golang.org/x/net	CVE-2023-45288	中危	v0.8.0	0.23.0	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
github.com/Azure/azure-sdk-for-go/sdk/azidentity	CVE-2024-35255	中危	v1.2.1	1.6.0	azure-identity: Azure Identity Libraries Elevation of Privilege Vulnerability in github.com/Azure/azure-sdk-for-go/sdk/azidentity 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-35255 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-06-11 17:16 修改: 2024-06-20 16:31
stdlib	CVE-2023-29406	中危	1.20.5	1.19.11, 1.20.6	golang: net/http: insufficient sanitization of Host header 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29406 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-07-11 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-29409	中危	1.20.5	1.19.12, 1.20.7, 1.21.0-rc.4	golang: crypto/tls: slow verification of certificate chains containing large RSA keys 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29409 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-08-02 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39318	中危	1.20.5	1.20.8, 1.21.1	golang: html/template: improper handling of HTML-like comments within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39318 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39319	中危	1.20.5	1.20.8, 1.21.1	golang: html/template: improper handling of special tags within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39319 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39326	中危	1.20.5	1.20.12, 1.21.5	golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39326 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-12-06 17:15 修改: 2024-01-20 04:15
stdlib	CVE-2023-45284	中危	1.20.5	1.20.11, 1.21.4	On Windows, The IsLocal function does not correctly detect reserved de ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45284 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-11-09 17:15 修改: 2024-09-03 19:35
stdlib	CVE-2023-45289	中危	1.20.5	1.21.8, 1.22.1	golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-11-04 19:35
stdlib	CVE-2023-45290	中危	1.20.5	1.21.8, 1.22.1	golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-11-07 11:35
stdlib	CVE-2024-24783	中危	1.20.5	1.21.8, 1.22.1	golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-11-05 17:35
stdlib	CVE-2024-24784	中危	1.20.5	1.21.8, 1.22.1	golang: net/mail: comments in display names are incorrectly handled 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-08-05 21:35
stdlib	CVE-2024-24785	中危	1.20.5	1.21.8, 1.22.1	golang: html/template: errors returned from MarshalJSON methods may break template escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-05-01 17:15
stdlib	CVE-2024-24789	中危	1.20.5	1.21.11, 1.22.4	golang: archive/zip: Incorrect handling of certain ZIP files 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-06-05 16:15 修改: 2024-07-03 01:48
stdlib	CVE-2024-24791	中危	1.20.5	1.21.12, 1.22.5	net/http: Denial of service due to improper 100-continue handling in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17
stdlib	CVE-2024-34155	中危	1.20.5	1.22.7, 1.23.1	go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-09-06 21:15 修改: 2024-11-04 17:35
stdlib	CVE-2024-34158	中危	1.20.5	1.22.7, 1.23.1	go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35
github.com/golang-jwt/jwt/v4	CVE-2024-51744	低危	v4.5.0	4.5.1	golang-jwt: Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations in golang-jwt 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-51744 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-11-04 22:15 修改: 2024-11-05 16:04

usr/local/bin/gitaly-blackbox (gobinary)

低危漏洞:0

中危漏洞:20

高危漏洞:7

严重漏洞:1

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
stdlib	CVE-2024-24790	严重	1.20.5	1.21.11, 1.22.4	golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-06-05 16:15 修改: 2024-09-03 18:35
golang.org/x/net	CVE-2024-45338	高危	v0.8.0	0.33.0	golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16
google.golang.org/grpc	GHSA-m425-mq94-257g	高危	v1.54.0	1.56.3, 1.57.1, 1.58.3	gRPC-Go HTTP/2 Rapid Reset vulnerability 漏洞详情: https://github.com/advisories/GHSA-m425-mq94-257g 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
golang.org/x/net	CVE-2023-39325	高危	v0.8.0	0.17.0	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
stdlib	CVE-2023-39325	高危	1.20.5	1.20.10, 1.21.3	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
stdlib	CVE-2023-45283	高危	1.20.5	1.20.11, 1.21.4, 1.20.12, 1.21.5	The filepath package does not recognize paths with a \??\ prefix as sp ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45283 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-11-09 17:15 修改: 2023-12-14 10:15
stdlib	CVE-2023-45288	高危	1.20.5	1.21.9, 1.22.2	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
stdlib	CVE-2024-34156	高危	1.20.5	1.22.7, 1.23.1	encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35
golang.org/x/net	CVE-2023-44487	中危	v0.8.0	0.17.0	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-10-10 14:15 修改: 2024-12-20 17:40
golang.org/x/net	CVE-2023-45288	中危	v0.8.0	0.23.0	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
golang.org/x/net	CVE-2023-3978	中危	v0.8.0	0.13.0	golang.org/x/net/html: Cross site scripting 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3978 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-08-02 20:15 修改: 2023-11-07 04:20
google.golang.org/grpc	CVE-2023-44487	中危	v1.54.0	1.58.3, 1.57.1, 1.56.3	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-10-10 14:15 修改: 2024-12-20 17:40
google.golang.org/protobuf	CVE-2024-24786	中危	v1.30.0	1.33.0	golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-11-07 17:35
stdlib	CVE-2023-29406	中危	1.20.5	1.19.11, 1.20.6	golang: net/http: insufficient sanitization of Host header 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29406 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-07-11 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-29409	中危	1.20.5	1.19.12, 1.20.7, 1.21.0-rc.4	golang: crypto/tls: slow verification of certificate chains containing large RSA keys 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29409 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-08-02 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39318	中危	1.20.5	1.20.8, 1.21.1	golang: html/template: improper handling of HTML-like comments within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39318 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39319	中危	1.20.5	1.20.8, 1.21.1	golang: html/template: improper handling of special tags within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39319 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39326	中危	1.20.5	1.20.12, 1.21.5	golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39326 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-12-06 17:15 修改: 2024-01-20 04:15
stdlib	CVE-2023-45284	中危	1.20.5	1.20.11, 1.21.4	On Windows, The IsLocal function does not correctly detect reserved de ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45284 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-11-09 17:15 修改: 2024-09-03 19:35
stdlib	CVE-2023-45289	中危	1.20.5	1.21.8, 1.22.1	golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-11-04 19:35
stdlib	CVE-2023-45290	中危	1.20.5	1.21.8, 1.22.1	golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-11-07 11:35
stdlib	CVE-2024-24783	中危	1.20.5	1.21.8, 1.22.1	golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-11-05 17:35
stdlib	CVE-2024-24784	中危	1.20.5	1.21.8, 1.22.1	golang: net/mail: comments in display names are incorrectly handled 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-08-05 21:35
stdlib	CVE-2024-24785	中危	1.20.5	1.21.8, 1.22.1	golang: html/template: errors returned from MarshalJSON methods may break template escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-05-01 17:15
stdlib	CVE-2024-24789	中危	1.20.5	1.21.11, 1.22.4	golang: archive/zip: Incorrect handling of certain ZIP files 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-06-05 16:15 修改: 2024-07-03 01:48
stdlib	CVE-2024-24791	中危	1.20.5	1.21.12, 1.22.5	net/http: Denial of service due to improper 100-continue handling in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17
stdlib	CVE-2024-34155	中危	1.20.5	1.22.7, 1.23.1	go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-09-06 21:15 修改: 2024-11-04 17:35
stdlib	CVE-2024-34158	中危	1.20.5	1.22.7, 1.23.1	go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35

usr/local/bin/gitaly-debug (gobinary)

低危漏洞:0

中危漏洞:20

高危漏洞:7

严重漏洞:1

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
stdlib	CVE-2024-24790	严重	1.20.5	1.21.11, 1.22.4	golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-06-05 16:15 修改: 2024-09-03 18:35
golang.org/x/net	CVE-2024-45338	高危	v0.8.0	0.33.0	golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16
google.golang.org/grpc	GHSA-m425-mq94-257g	高危	v1.54.0	1.56.3, 1.57.1, 1.58.3	gRPC-Go HTTP/2 Rapid Reset vulnerability 漏洞详情: https://github.com/advisories/GHSA-m425-mq94-257g 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
golang.org/x/net	CVE-2023-39325	高危	v0.8.0	0.17.0	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
stdlib	CVE-2023-39325	高危	1.20.5	1.20.10, 1.21.3	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
stdlib	CVE-2023-45283	高危	1.20.5	1.20.11, 1.21.4, 1.20.12, 1.21.5	The filepath package does not recognize paths with a \??\ prefix as sp ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45283 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-11-09 17:15 修改: 2023-12-14 10:15
stdlib	CVE-2023-45288	高危	1.20.5	1.21.9, 1.22.2	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
stdlib	CVE-2024-34156	高危	1.20.5	1.22.7, 1.23.1	encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35
golang.org/x/net	CVE-2023-44487	中危	v0.8.0	0.17.0	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-10-10 14:15 修改: 2024-12-20 17:40
golang.org/x/net	CVE-2023-45288	中危	v0.8.0	0.23.0	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
golang.org/x/net	CVE-2023-3978	中危	v0.8.0	0.13.0	golang.org/x/net/html: Cross site scripting 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3978 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-08-02 20:15 修改: 2023-11-07 04:20
google.golang.org/grpc	CVE-2023-44487	中危	v1.54.0	1.58.3, 1.57.1, 1.56.3	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-10-10 14:15 修改: 2024-12-20 17:40
google.golang.org/protobuf	CVE-2024-24786	中危	v1.30.0	1.33.0	golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-11-07 17:35
stdlib	CVE-2023-29406	中危	1.20.5	1.19.11, 1.20.6	golang: net/http: insufficient sanitization of Host header 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29406 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-07-11 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-29409	中危	1.20.5	1.19.12, 1.20.7, 1.21.0-rc.4	golang: crypto/tls: slow verification of certificate chains containing large RSA keys 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29409 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-08-02 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39318	中危	1.20.5	1.20.8, 1.21.1	golang: html/template: improper handling of HTML-like comments within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39318 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39319	中危	1.20.5	1.20.8, 1.21.1	golang: html/template: improper handling of special tags within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39319 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39326	中危	1.20.5	1.20.12, 1.21.5	golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39326 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-12-06 17:15 修改: 2024-01-20 04:15
stdlib	CVE-2023-45284	中危	1.20.5	1.20.11, 1.21.4	On Windows, The IsLocal function does not correctly detect reserved de ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45284 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-11-09 17:15 修改: 2024-09-03 19:35
stdlib	CVE-2023-45289	中危	1.20.5	1.21.8, 1.22.1	golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-11-04 19:35
stdlib	CVE-2023-45290	中危	1.20.5	1.21.8, 1.22.1	golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-11-07 11:35
stdlib	CVE-2024-24783	中危	1.20.5	1.21.8, 1.22.1	golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-11-05 17:35
stdlib	CVE-2024-24784	中危	1.20.5	1.21.8, 1.22.1	golang: net/mail: comments in display names are incorrectly handled 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-08-05 21:35
stdlib	CVE-2024-24785	中危	1.20.5	1.21.8, 1.22.1	golang: html/template: errors returned from MarshalJSON methods may break template escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-05-01 17:15
stdlib	CVE-2024-24789	中危	1.20.5	1.21.11, 1.22.4	golang: archive/zip: Incorrect handling of certain ZIP files 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-06-05 16:15 修改: 2024-07-03 01:48
stdlib	CVE-2024-24791	中危	1.20.5	1.21.12, 1.22.5	net/http: Denial of service due to improper 100-continue handling in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17
stdlib	CVE-2024-34155	中危	1.20.5	1.22.7, 1.23.1	go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-09-06 21:15 修改: 2024-11-04 17:35
stdlib	CVE-2024-34158	中危	1.20.5	1.22.7, 1.23.1	go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35

usr/local/bin/gitaly-wrapper (gobinary)

低危漏洞:0

中危漏洞:20

高危漏洞:7

严重漏洞:1

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
stdlib	CVE-2024-24790	严重	1.20.5	1.21.11, 1.22.4	golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-06-05 16:15 修改: 2024-09-03 18:35
golang.org/x/net	CVE-2024-45338	高危	v0.8.0	0.33.0	golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16
google.golang.org/grpc	GHSA-m425-mq94-257g	高危	v1.54.0	1.56.3, 1.57.1, 1.58.3	gRPC-Go HTTP/2 Rapid Reset vulnerability 漏洞详情: https://github.com/advisories/GHSA-m425-mq94-257g 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
golang.org/x/net	CVE-2023-39325	高危	v0.8.0	0.17.0	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
stdlib	CVE-2023-39325	高危	1.20.5	1.20.10, 1.21.3	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
stdlib	CVE-2023-45283	高危	1.20.5	1.20.11, 1.21.4, 1.20.12, 1.21.5	The filepath package does not recognize paths with a \??\ prefix as sp ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45283 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-11-09 17:15 修改: 2023-12-14 10:15
stdlib	CVE-2023-45288	高危	1.20.5	1.21.9, 1.22.2	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
stdlib	CVE-2024-34156	高危	1.20.5	1.22.7, 1.23.1	encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35
golang.org/x/net	CVE-2023-44487	中危	v0.8.0	0.17.0	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-10-10 14:15 修改: 2024-12-20 17:40
golang.org/x/net	CVE-2023-45288	中危	v0.8.0	0.23.0	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
golang.org/x/net	CVE-2023-3978	中危	v0.8.0	0.13.0	golang.org/x/net/html: Cross site scripting 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3978 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-08-02 20:15 修改: 2023-11-07 04:20
google.golang.org/grpc	CVE-2023-44487	中危	v1.54.0	1.58.3, 1.57.1, 1.56.3	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-10-10 14:15 修改: 2024-12-20 17:40
google.golang.org/protobuf	CVE-2024-24786	中危	v1.30.0	1.33.0	golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-11-07 17:35
stdlib	CVE-2023-29406	中危	1.20.5	1.19.11, 1.20.6	golang: net/http: insufficient sanitization of Host header 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29406 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-07-11 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-29409	中危	1.20.5	1.19.12, 1.20.7, 1.21.0-rc.4	golang: crypto/tls: slow verification of certificate chains containing large RSA keys 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29409 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-08-02 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39318	中危	1.20.5	1.20.8, 1.21.1	golang: html/template: improper handling of HTML-like comments within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39318 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39319	中危	1.20.5	1.20.8, 1.21.1	golang: html/template: improper handling of special tags within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39319 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39326	中危	1.20.5	1.20.12, 1.21.5	golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39326 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-12-06 17:15 修改: 2024-01-20 04:15
stdlib	CVE-2023-45284	中危	1.20.5	1.20.11, 1.21.4	On Windows, The IsLocal function does not correctly detect reserved de ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45284 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-11-09 17:15 修改: 2024-09-03 19:35
stdlib	CVE-2023-45289	中危	1.20.5	1.21.8, 1.22.1	golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-11-04 19:35
stdlib	CVE-2023-45290	中危	1.20.5	1.21.8, 1.22.1	golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-11-07 11:35
stdlib	CVE-2024-24783	中危	1.20.5	1.21.8, 1.22.1	golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-11-05 17:35
stdlib	CVE-2024-24784	中危	1.20.5	1.21.8, 1.22.1	golang: net/mail: comments in display names are incorrectly handled 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-08-05 21:35
stdlib	CVE-2024-24785	中危	1.20.5	1.21.8, 1.22.1	golang: html/template: errors returned from MarshalJSON methods may break template escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-05-01 17:15
stdlib	CVE-2024-24789	中危	1.20.5	1.21.11, 1.22.4	golang: archive/zip: Incorrect handling of certain ZIP files 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-06-05 16:15 修改: 2024-07-03 01:48
stdlib	CVE-2024-24791	中危	1.20.5	1.21.12, 1.22.5	net/http: Denial of service due to improper 100-continue handling in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17
stdlib	CVE-2024-34155	中危	1.20.5	1.22.7, 1.23.1	go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-09-06 21:15 修改: 2024-11-04 17:35
stdlib	CVE-2024-34158	中危	1.20.5	1.22.7, 1.23.1	go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35

usr/local/bin/gitlab-pages (gobinary)

低危漏洞:1

中危漏洞:22

高危漏洞:11

严重漏洞:2

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
golang.org/x/crypto	CVE-2024-45337	严重	v0.0.0-20210921155107-089bfa567519	0.31.0	golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45337 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-12-12 02:02 修改: 2024-12-12 21:15
stdlib	CVE-2024-24790	严重	1.20.5	1.21.11, 1.22.4	golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-06-05 16:15 修改: 2024-09-03 18:35
golang.org/x/crypto	CVE-2022-27191	高危	v0.0.0-20210921155107-089bfa567519	0.0.0-20220314234659-1baeb1ce4c0b	golang: crash in a golang.org/x/crypto/ssh server 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27191 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2022-03-18 07:15 修改: 2023-11-07 03:45
golang.org/x/net	CVE-2022-27664	高危	v0.0.0-20211008194852-3b03d305991f	0.0.0-20220906165146-f3363e06e74c	golang: net/http: handle server errors after sending GOAWAY 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27664 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2022-09-06 18:15 修改: 2023-11-07 03:45
golang.org/x/net	CVE-2022-41723	高危	v0.0.0-20211008194852-3b03d305991f	0.7.0	golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41723 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
golang.org/x/net	CVE-2023-39325	高危	v0.0.0-20211008194852-3b03d305991f	0.17.0	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
golang.org/x/net	CVE-2024-45338	高危	v0.0.0-20211008194852-3b03d305991f	0.33.0	golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16
google.golang.org/grpc	GHSA-m425-mq94-257g	高危	v1.40.0	1.56.3, 1.57.1, 1.58.3	gRPC-Go HTTP/2 Rapid Reset vulnerability 漏洞详情: https://github.com/advisories/GHSA-m425-mq94-257g 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
golang.org/x/crypto	CVE-2021-43565	高危	v0.0.0-20210921155107-089bfa567519	0.0.0-20211202192323-5770296d904e	golang.org/x/crypto: empty plaintext packet causes panic 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-43565 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2022-09-06 18:15 修改: 2023-11-07 03:39
stdlib	CVE-2023-39325	高危	1.20.5	1.20.10, 1.21.3	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
stdlib	CVE-2023-45283	高危	1.20.5	1.20.11, 1.21.4, 1.20.12, 1.21.5	The filepath package does not recognize paths with a \??\ prefix as sp ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45283 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-11-09 17:15 修改: 2023-12-14 10:15
stdlib	CVE-2023-45288	高危	1.20.5	1.21.9, 1.22.2	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
stdlib	CVE-2024-34156	高危	1.20.5	1.22.7, 1.23.1	encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35
google.golang.org/grpc	CVE-2023-44487	中危	v1.40.0	1.58.3, 1.57.1, 1.56.3	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-10-10 14:15 修改: 2024-12-20 17:40
google.golang.org/protobuf	CVE-2024-24786	中危	v1.27.1	1.33.0	golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-11-07 17:35
golang.org/x/net	CVE-2022-41717	中危	v0.0.0-20211008194852-3b03d305991f	0.4.0	golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41717 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2022-12-08 20:15 修改: 2024-01-18 03:15
golang.org/x/net	CVE-2023-3978	中危	v0.0.0-20211008194852-3b03d305991f	0.13.0	golang.org/x/net/html: Cross site scripting 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3978 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-08-02 20:15 修改: 2023-11-07 04:20
golang.org/x/net	CVE-2023-44487	中危	v0.0.0-20211008194852-3b03d305991f	0.17.0	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-10-10 14:15 修改: 2024-12-20 17:40
golang.org/x/net	CVE-2023-45288	中危	v0.0.0-20211008194852-3b03d305991f	0.23.0	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
golang.org/x/crypto	CVE-2023-48795	中危	v0.0.0-20210921155107-089bfa567519	0.17.0	ssh: Prefix truncation attack on Binary Packet Protocol (BPP) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-48795 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-12-18 16:15 修改: 2024-12-02 14:54
stdlib	CVE-2023-29406	中危	1.20.5	1.19.11, 1.20.6	golang: net/http: insufficient sanitization of Host header 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29406 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-07-11 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-29409	中危	1.20.5	1.19.12, 1.20.7, 1.21.0-rc.4	golang: crypto/tls: slow verification of certificate chains containing large RSA keys 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29409 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-08-02 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39318	中危	1.20.5	1.20.8, 1.21.1	golang: html/template: improper handling of HTML-like comments within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39318 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39319	中危	1.20.5	1.20.8, 1.21.1	golang: html/template: improper handling of special tags within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39319 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39326	中危	1.20.5	1.20.12, 1.21.5	golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39326 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-12-06 17:15 修改: 2024-01-20 04:15
stdlib	CVE-2023-45284	中危	1.20.5	1.20.11, 1.21.4	On Windows, The IsLocal function does not correctly detect reserved de ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45284 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-11-09 17:15 修改: 2024-09-03 19:35
stdlib	CVE-2023-45289	中危	1.20.5	1.21.8, 1.22.1	golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-11-04 19:35
stdlib	CVE-2023-45290	中危	1.20.5	1.21.8, 1.22.1	golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-11-07 11:35
stdlib	CVE-2024-24783	中危	1.20.5	1.21.8, 1.22.1	golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-11-05 17:35
stdlib	CVE-2024-24784	中危	1.20.5	1.21.8, 1.22.1	golang: net/mail: comments in display names are incorrectly handled 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-08-05 21:35
stdlib	CVE-2024-24785	中危	1.20.5	1.21.8, 1.22.1	golang: html/template: errors returned from MarshalJSON methods may break template escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-05-01 17:15
stdlib	CVE-2024-24789	中危	1.20.5	1.21.11, 1.22.4	golang: archive/zip: Incorrect handling of certain ZIP files 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-06-05 16:15 修改: 2024-07-03 01:48
stdlib	CVE-2024-24791	中危	1.20.5	1.21.12, 1.22.5	net/http: Denial of service due to improper 100-continue handling in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17
stdlib	CVE-2024-34155	中危	1.20.5	1.22.7, 1.23.1	go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-09-06 21:15 修改: 2024-11-04 17:35
stdlib	CVE-2024-34158	中危	1.20.5	1.22.7, 1.23.1	go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35
github.com/golang-jwt/jwt/v4	CVE-2024-51744	低危	v4.1.0	4.5.1	golang-jwt: Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations in golang-jwt 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-51744 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-11-04 22:15 修改: 2024-11-05 16:04

usr/local/bin/gitlab-resize-image (gobinary)

低危漏洞:1

中危漏洞:17

高危漏洞:5

严重漏洞:1

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
stdlib	CVE-2024-24790	严重	1.20.5	1.21.11, 1.22.4	golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-06-05 16:15 修改: 2024-09-03 18:35
golang.org/x/image	CVE-2024-24792	高危	v0.5.0	0.18.0	Parsing a corrupt or malicious image with invalid color indices can ca ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24792 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-06-27 18:15 修改: 2024-08-01 13:47
stdlib	CVE-2023-39325	高危	1.20.5	1.20.10, 1.21.3	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
stdlib	CVE-2023-45283	高危	1.20.5	1.20.11, 1.21.4, 1.20.12, 1.21.5	The filepath package does not recognize paths with a \??\ prefix as sp ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45283 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-11-09 17:15 修改: 2023-12-14 10:15
stdlib	CVE-2023-45288	高危	1.20.5	1.21.9, 1.22.2	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
stdlib	CVE-2024-34156	高危	1.20.5	1.22.7, 1.23.1	encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35
golang.org/x/image	CVE-2023-29408	中危	v0.5.0	0.10.0	golang.org/x/image/tiff: TIFF decoder does not place a limit on the size of compressed tile data 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29408 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-08-02 20:15 修改: 2023-11-07 04:11
golang.org/x/image	CVE-2023-29407	中危	v0.5.0	0.10.0	golang.org/x/image/tiff: excessive CPU consumption in decoding 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29407 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-08-02 20:15 修改: 2023-11-07 04:11
stdlib	CVE-2023-29406	中危	1.20.5	1.19.11, 1.20.6	golang: net/http: insufficient sanitization of Host header 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29406 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-07-11 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-29409	中危	1.20.5	1.19.12, 1.20.7, 1.21.0-rc.4	golang: crypto/tls: slow verification of certificate chains containing large RSA keys 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29409 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-08-02 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39318	中危	1.20.5	1.20.8, 1.21.1	golang: html/template: improper handling of HTML-like comments within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39318 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39319	中危	1.20.5	1.20.8, 1.21.1	golang: html/template: improper handling of special tags within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39319 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39326	中危	1.20.5	1.20.12, 1.21.5	golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39326 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-12-06 17:15 修改: 2024-01-20 04:15
stdlib	CVE-2023-45284	中危	1.20.5	1.20.11, 1.21.4	On Windows, The IsLocal function does not correctly detect reserved de ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45284 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-11-09 17:15 修改: 2024-09-03 19:35
stdlib	CVE-2023-45289	中危	1.20.5	1.21.8, 1.22.1	golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-11-04 19:35
stdlib	CVE-2023-45290	中危	1.20.5	1.21.8, 1.22.1	golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-11-07 11:35
stdlib	CVE-2024-24783	中危	1.20.5	1.21.8, 1.22.1	golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-11-05 17:35
stdlib	CVE-2024-24784	中危	1.20.5	1.21.8, 1.22.1	golang: net/mail: comments in display names are incorrectly handled 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-08-05 21:35
stdlib	CVE-2024-24785	中危	1.20.5	1.21.8, 1.22.1	golang: html/template: errors returned from MarshalJSON methods may break template escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-05-01 17:15
stdlib	CVE-2024-24789	中危	1.20.5	1.21.11, 1.22.4	golang: archive/zip: Incorrect handling of certain ZIP files 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-06-05 16:15 修改: 2024-07-03 01:48
stdlib	CVE-2024-24791	中危	1.20.5	1.21.12, 1.22.5	net/http: Denial of service due to improper 100-continue handling in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17
stdlib	CVE-2024-34155	中危	1.20.5	1.22.7, 1.23.1	go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-09-06 21:15 修改: 2024-11-04 17:35
stdlib	CVE-2024-34158	中危	1.20.5	1.22.7, 1.23.1	go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35
github.com/disintegration/imaging	CVE-2023-36308	低危	v1.6.2		disintegration Imaging 1.6.2 allows attackers to cause a panic (becaus ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-36308 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-09-05 04:15 修改: 2024-08-02 17:16

usr/local/bin/gitlab-workhorse (gobinary)

低危漏洞:1

中危漏洞:24

高危漏洞:8

严重漏洞:2

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
golang.org/x/crypto	CVE-2024-45337	严重	v0.6.0	0.31.0	golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45337 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-12-12 02:02 修改: 2024-12-12 21:15
stdlib	CVE-2024-24790	严重	1.20.5	1.21.11, 1.22.4	golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-06-05 16:15 修改: 2024-09-03 18:35
golang.org/x/net	CVE-2023-39325	高危	v0.8.0	0.17.0	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
golang.org/x/net	CVE-2024-45338	高危	v0.8.0	0.33.0	golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16
google.golang.org/grpc	GHSA-m425-mq94-257g	高危	v1.54.0	1.56.3, 1.57.1, 1.58.3	gRPC-Go HTTP/2 Rapid Reset vulnerability 漏洞详情: https://github.com/advisories/GHSA-m425-mq94-257g 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
golang.org/x/image	CVE-2024-24792	高危	v0.5.0	0.18.0	Parsing a corrupt or malicious image with invalid color indices can ca ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24792 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-06-27 18:15 修改: 2024-08-01 13:47
stdlib	CVE-2023-39325	高危	1.20.5	1.20.10, 1.21.3	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
stdlib	CVE-2023-45283	高危	1.20.5	1.20.11, 1.21.4, 1.20.12, 1.21.5	The filepath package does not recognize paths with a \??\ prefix as sp ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45283 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-11-09 17:15 修改: 2023-12-14 10:15
stdlib	CVE-2023-45288	高危	1.20.5	1.21.9, 1.22.2	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
stdlib	CVE-2024-34156	高危	1.20.5	1.22.7, 1.23.1	encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35
golang.org/x/net	CVE-2023-45288	中危	v0.8.0	0.23.0	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
golang.org/x/image	CVE-2023-29407	中危	v0.5.0	0.10.0	golang.org/x/image/tiff: excessive CPU consumption in decoding 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29407 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-08-02 20:15 修改: 2023-11-07 04:11
google.golang.org/grpc	CVE-2023-44487	中危	v1.54.0	1.58.3, 1.57.1, 1.56.3	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-10-10 14:15 修改: 2024-12-20 17:40
google.golang.org/protobuf	CVE-2024-24786	中危	v1.30.0	1.33.0	golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-11-07 17:35
golang.org/x/image	CVE-2023-29408	中危	v0.5.0	0.10.0	golang.org/x/image/tiff: TIFF decoder does not place a limit on the size of compressed tile data 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29408 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-08-02 20:15 修改: 2023-11-07 04:11
golang.org/x/crypto	CVE-2023-48795	中危	v0.6.0	0.17.0	ssh: Prefix truncation attack on Binary Packet Protocol (BPP) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-48795 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-12-18 16:15 修改: 2024-12-02 14:54
github.com/Azure/azure-sdk-for-go/sdk/azidentity	CVE-2024-35255	中危	v1.2.1	1.6.0	azure-identity: Azure Identity Libraries Elevation of Privilege Vulnerability in github.com/Azure/azure-sdk-for-go/sdk/azidentity 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-35255 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-06-11 17:16 修改: 2024-06-20 16:31
golang.org/x/net	CVE-2023-3978	中危	v0.8.0	0.13.0	golang.org/x/net/html: Cross site scripting 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3978 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-08-02 20:15 修改: 2023-11-07 04:20
golang.org/x/net	CVE-2023-44487	中危	v0.8.0	0.17.0	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-10-10 14:15 修改: 2024-12-20 17:40
stdlib	CVE-2023-29406	中危	1.20.5	1.19.11, 1.20.6	golang: net/http: insufficient sanitization of Host header 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29406 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-07-11 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-29409	中危	1.20.5	1.19.12, 1.20.7, 1.21.0-rc.4	golang: crypto/tls: slow verification of certificate chains containing large RSA keys 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29409 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-08-02 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39318	中危	1.20.5	1.20.8, 1.21.1	golang: html/template: improper handling of HTML-like comments within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39318 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39319	中危	1.20.5	1.20.8, 1.21.1	golang: html/template: improper handling of special tags within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39319 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39326	中危	1.20.5	1.20.12, 1.21.5	golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39326 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-12-06 17:15 修改: 2024-01-20 04:15
stdlib	CVE-2023-45284	中危	1.20.5	1.20.11, 1.21.4	On Windows, The IsLocal function does not correctly detect reserved de ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45284 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-11-09 17:15 修改: 2024-09-03 19:35
stdlib	CVE-2023-45289	中危	1.20.5	1.21.8, 1.22.1	golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-11-04 19:35
stdlib	CVE-2023-45290	中危	1.20.5	1.21.8, 1.22.1	golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-11-07 11:35
stdlib	CVE-2024-24783	中危	1.20.5	1.21.8, 1.22.1	golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-11-05 17:35
stdlib	CVE-2024-24784	中危	1.20.5	1.21.8, 1.22.1	golang: net/mail: comments in display names are incorrectly handled 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-08-05 21:35
stdlib	CVE-2024-24785	中危	1.20.5	1.21.8, 1.22.1	golang: html/template: errors returned from MarshalJSON methods may break template escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-05-01 17:15
stdlib	CVE-2024-24789	中危	1.20.5	1.21.11, 1.22.4	golang: archive/zip: Incorrect handling of certain ZIP files 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-06-05 16:15 修改: 2024-07-03 01:48
stdlib	CVE-2024-24791	中危	1.20.5	1.21.12, 1.22.5	net/http: Denial of service due to improper 100-continue handling in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17
stdlib	CVE-2024-34155	中危	1.20.5	1.22.7, 1.23.1	go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-09-06 21:15 修改: 2024-11-04 17:35
stdlib	CVE-2024-34158	中危	1.20.5	1.22.7, 1.23.1	go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35
github.com/golang-jwt/jwt/v4	CVE-2024-51744	低危	v4.5.0	4.5.1	golang-jwt: Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations in golang-jwt 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-51744 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-11-04 22:15 修改: 2024-11-05 16:04

usr/local/bin/gitlab-zip-cat (gobinary)

低危漏洞:0

中危漏洞:20

高危漏洞:7

严重漏洞:1

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
stdlib	CVE-2024-24790	严重	1.20.5	1.21.11, 1.22.4	golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-06-05 16:15 修改: 2024-09-03 18:35
golang.org/x/net	CVE-2024-45338	高危	v0.8.0	0.33.0	golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16
google.golang.org/grpc	GHSA-m425-mq94-257g	高危	v1.54.0	1.56.3, 1.57.1, 1.58.3	gRPC-Go HTTP/2 Rapid Reset vulnerability 漏洞详情: https://github.com/advisories/GHSA-m425-mq94-257g 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
golang.org/x/net	CVE-2023-39325	高危	v0.8.0	0.17.0	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
stdlib	CVE-2023-39325	高危	1.20.5	1.20.10, 1.21.3	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
stdlib	CVE-2023-45283	高危	1.20.5	1.20.11, 1.21.4, 1.20.12, 1.21.5	The filepath package does not recognize paths with a \??\ prefix as sp ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45283 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-11-09 17:15 修改: 2023-12-14 10:15
stdlib	CVE-2023-45288	高危	1.20.5	1.21.9, 1.22.2	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
stdlib	CVE-2024-34156	高危	1.20.5	1.22.7, 1.23.1	encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35
golang.org/x/net	CVE-2023-44487	中危	v0.8.0	0.17.0	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-10-10 14:15 修改: 2024-12-20 17:40
golang.org/x/net	CVE-2023-45288	中危	v0.8.0	0.23.0	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
golang.org/x/net	CVE-2023-3978	中危	v0.8.0	0.13.0	golang.org/x/net/html: Cross site scripting 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3978 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-08-02 20:15 修改: 2023-11-07 04:20
google.golang.org/grpc	CVE-2023-44487	中危	v1.54.0	1.58.3, 1.57.1, 1.56.3	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-10-10 14:15 修改: 2024-12-20 17:40
google.golang.org/protobuf	CVE-2024-24786	中危	v1.30.0	1.33.0	golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-11-07 17:35
stdlib	CVE-2023-29406	中危	1.20.5	1.19.11, 1.20.6	golang: net/http: insufficient sanitization of Host header 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29406 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-07-11 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-29409	中危	1.20.5	1.19.12, 1.20.7, 1.21.0-rc.4	golang: crypto/tls: slow verification of certificate chains containing large RSA keys 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29409 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-08-02 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39318	中危	1.20.5	1.20.8, 1.21.1	golang: html/template: improper handling of HTML-like comments within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39318 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39319	中危	1.20.5	1.20.8, 1.21.1	golang: html/template: improper handling of special tags within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39319 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39326	中危	1.20.5	1.20.12, 1.21.5	golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39326 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-12-06 17:15 修改: 2024-01-20 04:15
stdlib	CVE-2023-45284	中危	1.20.5	1.20.11, 1.21.4	On Windows, The IsLocal function does not correctly detect reserved de ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45284 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-11-09 17:15 修改: 2024-09-03 19:35
stdlib	CVE-2023-45289	中危	1.20.5	1.21.8, 1.22.1	golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-11-04 19:35
stdlib	CVE-2023-45290	中危	1.20.5	1.21.8, 1.22.1	golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-11-07 11:35
stdlib	CVE-2024-24783	中危	1.20.5	1.21.8, 1.22.1	golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-11-05 17:35
stdlib	CVE-2024-24784	中危	1.20.5	1.21.8, 1.22.1	golang: net/mail: comments in display names are incorrectly handled 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-08-05 21:35
stdlib	CVE-2024-24785	中危	1.20.5	1.21.8, 1.22.1	golang: html/template: errors returned from MarshalJSON methods may break template escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-05-01 17:15
stdlib	CVE-2024-24789	中危	1.20.5	1.21.11, 1.22.4	golang: archive/zip: Incorrect handling of certain ZIP files 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-06-05 16:15 修改: 2024-07-03 01:48
stdlib	CVE-2024-24791	中危	1.20.5	1.21.12, 1.22.5	net/http: Denial of service due to improper 100-continue handling in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17
stdlib	CVE-2024-34155	中危	1.20.5	1.22.7, 1.23.1	go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-09-06 21:15 修改: 2024-11-04 17:35
stdlib	CVE-2024-34158	中危	1.20.5	1.22.7, 1.23.1	go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35

usr/local/bin/gitlab-zip-metadata (gobinary)

低危漏洞:0

中危漏洞:20

高危漏洞:7

严重漏洞:1

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
stdlib	CVE-2024-24790	严重	1.20.5	1.21.11, 1.22.4	golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-06-05 16:15 修改: 2024-09-03 18:35
golang.org/x/net	CVE-2024-45338	高危	v0.8.0	0.33.0	golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16
google.golang.org/grpc	GHSA-m425-mq94-257g	高危	v1.54.0	1.56.3, 1.57.1, 1.58.3	gRPC-Go HTTP/2 Rapid Reset vulnerability 漏洞详情: https://github.com/advisories/GHSA-m425-mq94-257g 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
golang.org/x/net	CVE-2023-39325	高危	v0.8.0	0.17.0	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
stdlib	CVE-2023-39325	高危	1.20.5	1.20.10, 1.21.3	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
stdlib	CVE-2023-45283	高危	1.20.5	1.20.11, 1.21.4, 1.20.12, 1.21.5	The filepath package does not recognize paths with a \??\ prefix as sp ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45283 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-11-09 17:15 修改: 2023-12-14 10:15
stdlib	CVE-2023-45288	高危	1.20.5	1.21.9, 1.22.2	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
stdlib	CVE-2024-34156	高危	1.20.5	1.22.7, 1.23.1	encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35
golang.org/x/net	CVE-2023-44487	中危	v0.8.0	0.17.0	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-10-10 14:15 修改: 2024-12-20 17:40
golang.org/x/net	CVE-2023-45288	中危	v0.8.0	0.23.0	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
golang.org/x/net	CVE-2023-3978	中危	v0.8.0	0.13.0	golang.org/x/net/html: Cross site scripting 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3978 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-08-02 20:15 修改: 2023-11-07 04:20
google.golang.org/grpc	CVE-2023-44487	中危	v1.54.0	1.58.3, 1.57.1, 1.56.3	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-10-10 14:15 修改: 2024-12-20 17:40
google.golang.org/protobuf	CVE-2024-24786	中危	v1.30.0	1.33.0	golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-11-07 17:35
stdlib	CVE-2023-29406	中危	1.20.5	1.19.11, 1.20.6	golang: net/http: insufficient sanitization of Host header 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29406 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-07-11 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-29409	中危	1.20.5	1.19.12, 1.20.7, 1.21.0-rc.4	golang: crypto/tls: slow verification of certificate chains containing large RSA keys 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29409 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-08-02 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39318	中危	1.20.5	1.20.8, 1.21.1	golang: html/template: improper handling of HTML-like comments within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39318 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39319	中危	1.20.5	1.20.8, 1.21.1	golang: html/template: improper handling of special tags within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39319 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39326	中危	1.20.5	1.20.12, 1.21.5	golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39326 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-12-06 17:15 修改: 2024-01-20 04:15
stdlib	CVE-2023-45284	中危	1.20.5	1.20.11, 1.21.4	On Windows, The IsLocal function does not correctly detect reserved de ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45284 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-11-09 17:15 修改: 2024-09-03 19:35
stdlib	CVE-2023-45289	中危	1.20.5	1.21.8, 1.22.1	golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-11-04 19:35
stdlib	CVE-2023-45290	中危	1.20.5	1.21.8, 1.22.1	golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-11-07 11:35
stdlib	CVE-2024-24783	中危	1.20.5	1.21.8, 1.22.1	golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-11-05 17:35
stdlib	CVE-2024-24784	中危	1.20.5	1.21.8, 1.22.1	golang: net/mail: comments in display names are incorrectly handled 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-08-05 21:35
stdlib	CVE-2024-24785	中危	1.20.5	1.21.8, 1.22.1	golang: html/template: errors returned from MarshalJSON methods may break template escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-05-01 17:15
stdlib	CVE-2024-24789	中危	1.20.5	1.21.11, 1.22.4	golang: archive/zip: Incorrect handling of certain ZIP files 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-06-05 16:15 修改: 2024-07-03 01:48
stdlib	CVE-2024-24791	中危	1.20.5	1.21.12, 1.22.5	net/http: Denial of service due to improper 100-continue handling in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17
stdlib	CVE-2024-34155	中危	1.20.5	1.22.7, 1.23.1	go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-09-06 21:15 修改: 2024-11-04 17:35
stdlib	CVE-2024-34158	中危	1.20.5	1.22.7, 1.23.1	go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35

usr/local/bin/praefect (gobinary)

低危漏洞:1

中危漏洞:22

高危漏洞:13

严重漏洞:4

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
github.com/go-git/go-git/v5	CVE-2023-49569	严重	v5.4.2	5.11.0	go-git: Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-49569 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-01-12 11:15 修改: 2024-01-22 18:57
github.com/go-git/go-git/v5	CVE-2025-21613	严重	v5.4.2	5.13.0	go-git: argument injection via the URL field 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-21613 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2025-01-06 17:15 修改: 2025-01-06 17:15
golang.org/x/crypto	CVE-2024-45337	严重	v0.7.0	0.31.0	golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45337 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-12-12 02:02 修改: 2024-12-12 21:15
stdlib	CVE-2024-24790	严重	1.20.5	1.21.11, 1.22.4	golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-06-05 16:15 修改: 2024-09-03 18:35
github.com/go-git/go-git/v5	CVE-2025-21614	高危	v5.4.2	5.13.0	go-git: go-git clients vulnerable to DoS via maliciously crafted Git server replies 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-21614 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2025-01-06 17:15 修改: 2025-01-06 17:15
github.com/jackc/pgproto3/v2	GHSA-7jwh-3vrq-q3m8	高危	v2.3.2	2.3.3	pgproto3 SQL Injection via Protocol Message Size Overflow 漏洞详情: https://github.com/advisories/GHSA-7jwh-3vrq-q3m8 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
github.com/jackc/pgx/v4	CVE-2024-27289	高危	v4.18.1	4.18.2	pgx: SQL Injection via Line Comment Creation 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-27289 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-06 19:15 修改: 2024-03-06 21:42
github.com/jackc/pgx/v4	CVE-2024-27304	高危	v4.18.1	4.18.2	pgx: SQL Injection via Protocol Message Size Overflow 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-27304 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-06 19:15 修改: 2024-12-12 21:15
github.com/cloudflare/circl	GHSA-9763-4f94-gfch	高危	v1.2.0	1.3.7	CIRCL's Kyber: timing side-channel (kyberslash2) 漏洞详情: https://github.com/advisories/GHSA-9763-4f94-gfch 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
golang.org/x/net	CVE-2023-39325	高危	v0.8.0	0.17.0	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
golang.org/x/net	CVE-2024-45338	高危	v0.8.0	0.33.0	golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16
google.golang.org/grpc	GHSA-m425-mq94-257g	高危	v1.54.0	1.56.3, 1.57.1, 1.58.3	gRPC-Go HTTP/2 Rapid Reset vulnerability 漏洞详情: https://github.com/advisories/GHSA-m425-mq94-257g 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
github.com/go-git/go-git/v5	CVE-2023-49568	高危	v5.4.2	5.11.0	go-git: Maliciously crafted Git server replies can cause DoS on go-git clients 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-49568 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-01-12 11:15 修改: 2024-01-22 17:57
stdlib	CVE-2023-39325	高危	1.20.5	1.20.10, 1.21.3	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
stdlib	CVE-2023-45283	高危	1.20.5	1.20.11, 1.21.4, 1.20.12, 1.21.5	The filepath package does not recognize paths with a \??\ prefix as sp ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45283 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-11-09 17:15 修改: 2023-12-14 10:15
stdlib	CVE-2023-45288	高危	1.20.5	1.21.9, 1.22.2	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
stdlib	CVE-2024-34156	高危	1.20.5	1.22.7, 1.23.1	encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35
google.golang.org/grpc	CVE-2023-44487	中危	v1.54.0	1.58.3, 1.57.1, 1.56.3	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-10-10 14:15 修改: 2024-12-20 17:40
google.golang.org/protobuf	CVE-2024-24786	中危	v1.30.0	1.33.0	golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-11-07 17:35
golang.org/x/crypto	CVE-2023-48795	中危	v0.7.0	0.17.0	ssh: Prefix truncation attack on Binary Packet Protocol (BPP) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-48795 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-12-18 16:15 修改: 2024-12-02 14:54
golang.org/x/net	CVE-2023-3978	中危	v0.8.0	0.13.0	golang.org/x/net/html: Cross site scripting 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3978 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-08-02 20:15 修改: 2023-11-07 04:20
golang.org/x/net	CVE-2023-44487	中危	v0.8.0	0.17.0	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-10-10 14:15 修改: 2024-12-20 17:40
golang.org/x/net	CVE-2023-45288	中危	v0.8.0	0.23.0	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
github.com/cloudflare/circl	CVE-2023-1732	中危	v1.2.0	1.3.3	Improper random reading in CIRCL 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-1732 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-05-10 12:15 修改: 2023-05-17 17:04
stdlib	CVE-2023-29406	中危	1.20.5	1.19.11, 1.20.6	golang: net/http: insufficient sanitization of Host header 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29406 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-07-11 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-29409	中危	1.20.5	1.19.12, 1.20.7, 1.21.0-rc.4	golang: crypto/tls: slow verification of certificate chains containing large RSA keys 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29409 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-08-02 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39318	中危	1.20.5	1.20.8, 1.21.1	golang: html/template: improper handling of HTML-like comments within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39318 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39319	中危	1.20.5	1.20.8, 1.21.1	golang: html/template: improper handling of special tags within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39319 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39326	中危	1.20.5	1.20.12, 1.21.5	golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39326 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-12-06 17:15 修改: 2024-01-20 04:15
stdlib	CVE-2023-45284	中危	1.20.5	1.20.11, 1.21.4	On Windows, The IsLocal function does not correctly detect reserved de ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45284 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2023-11-09 17:15 修改: 2024-09-03 19:35
stdlib	CVE-2023-45289	中危	1.20.5	1.21.8, 1.22.1	golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-11-04 19:35
stdlib	CVE-2023-45290	中危	1.20.5	1.21.8, 1.22.1	golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-11-07 11:35
stdlib	CVE-2024-24783	中危	1.20.5	1.21.8, 1.22.1	golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-11-05 17:35
stdlib	CVE-2024-24784	中危	1.20.5	1.21.8, 1.22.1	golang: net/mail: comments in display names are incorrectly handled 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-08-05 21:35
stdlib	CVE-2024-24785	中危	1.20.5	1.21.8, 1.22.1	golang: html/template: errors returned from MarshalJSON methods may break template escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-03-05 23:15 修改: 2024-05-01 17:15
stdlib	CVE-2024-24789	中危	1.20.5	1.21.11, 1.22.4	golang: archive/zip: Incorrect handling of certain ZIP files 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-06-05 16:15 修改: 2024-07-03 01:48
stdlib	CVE-2024-24791	中危	1.20.5	1.21.12, 1.22.5	net/http: Denial of service due to improper 100-continue handling in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17
stdlib	CVE-2024-34155	中危	1.20.5	1.22.7, 1.23.1	go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-09-06 21:15 修改: 2024-11-04 17:35
stdlib	CVE-2024-34158	中危	1.20.5	1.22.7, 1.23.1	go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35
github.com/golang-jwt/jwt/v4	CVE-2024-51744	低危	v4.5.0	4.5.1	golang-jwt: Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations in golang-jwt 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-51744 镜像层: sha256:1fefc1deaca61a920dcbe66f0e29db11a3afa054ccf89bc6b80e22b8b702a126 发布日期: 2024-11-04 22:15 修改: 2024-11-05 16:04

/etc/ssh/ssh_host_rsa_key ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/qa/tls_certificates/client/client.pem ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/spec/frontend/notes/components/comment_form_spec.js ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/spec/fixtures/auth_key.p8 ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/etc/ssl/private/ssl-cert-snakeoil.key ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/config/secrets.yml ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/lib/api/helpers/integrations_helpers.rb ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/spec/features/profiles/user_edit_profile_spec.rb ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/spec/features/projects/integrations/user_activates_slack_notifications_spec.rb ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/app/models/integrations/prometheus.rb ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/spec/fixtures/clusters/sample_key.key ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/spec/frontend/diffs/store/actions_spec.js ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/spec/initializers/doorkeeper_openid_connect_patch_spec.rb ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/spec/support/helpers/gpg_helpers.rb ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/spec/frontend/issuable/issuable_form_spec.js ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/spec/factories/pages_domains.rb ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/spec/fixtures/ssl_key.pem ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/spec/lib/json_web_token/rsa_token_spec.rb ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/qa/tls_certificates/client/client.key ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/spec/frontend/notes/components/noteable_note_spec.js ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/spec/lib/gitlab/auth/ldap/config_spec.rb ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/spec/frontend/lib/utils/secret_detection_spec.js ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/spec/lib/gitlab/middleware/handle_malformed_strings_spec.rb ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/spec/models/integrations/prometheus_spec.rb ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/etc/ssh/ssh_host_ecdsa_key ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitaly/ruby/spec/support/helpers/certs/gitalykey.pem ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/spec/controllers/projects/settings/operations_controller_spec.rb ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/spec/fixtures/service_account.json ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/spec/fixtures/x509_certificate_pk.key ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/etc/ssh/ssh_host_ed25519_key ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/qa/tls_certificates/authority/ca.key ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/qa/tls_certificates/authority/ca.pem ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息