docker.io/sameersbn/gitlab:16.9.6 - Trivy镜像安全扫描结果

全部漏洞信息

低危漏洞:89

中危漏洞:252

高危漏洞:81

严重漏洞:36

系统OS: ubuntu 20.04 扫描引擎: Trivy 扫描时间: 2025-02-18 09:26

docker.io/sameersbn/gitlab:16.9.6 (ubuntu 20.04) (ubuntu)

低危漏洞:70

中危漏洞:95

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
curl	CVE-2024-7264	中危	7.68.0-1ubuntu2.22	7.68.0-1ubuntu2.23	curl: libcurl: ASN.1 date parser overread 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7264 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-07-31 08:15 修改: 2024-10-30 20:35
curl	CVE-2024-8096	中危	7.68.0-1ubuntu2.22	7.68.0-1ubuntu2.24	curl: OCSP stapling bypass with GnuTLS 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-8096 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-09-11 10:15 修改: 2024-09-11 16:26
libc-bin	CVE-2024-33599	中危	2.31-0ubuntu9.15	2.31-0ubuntu9.16	glibc: stack-based buffer overflow in netgroup cache 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33599 镜像层: sha256:5cd154ce1ac8500568cbfd3f7ac03500b1701f00e4edec5b1b57bfe208d6813c 发布日期: 2024-05-06 20:15 修改: 2024-07-22 18:15
libc-bin	CVE-2024-33600	中危	2.31-0ubuntu9.15	2.31-0ubuntu9.16	glibc: null pointer dereferences after failed netgroup cache insertion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33600 镜像层: sha256:5cd154ce1ac8500568cbfd3f7ac03500b1701f00e4edec5b1b57bfe208d6813c 发布日期: 2024-05-06 20:15 修改: 2024-07-22 18:15
libc-bin	CVE-2024-33601	中危	2.31-0ubuntu9.15	2.31-0ubuntu9.16	glibc: netgroup cache may terminate daemon on memory allocation failure 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33601 镜像层: sha256:5cd154ce1ac8500568cbfd3f7ac03500b1701f00e4edec5b1b57bfe208d6813c 发布日期: 2024-05-06 20:15 修改: 2024-07-22 18:15
libc-bin	CVE-2024-33602	中危	2.31-0ubuntu9.15	2.31-0ubuntu9.16	glibc: netgroup cache assumes NSS callback uses in-buffer strings 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33602 镜像层: sha256:5cd154ce1ac8500568cbfd3f7ac03500b1701f00e4edec5b1b57bfe208d6813c 发布日期: 2024-05-06 20:15 修改: 2024-07-22 18:15
libc6	CVE-2024-33599	中危	2.31-0ubuntu9.15	2.31-0ubuntu9.16	glibc: stack-based buffer overflow in netgroup cache 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33599 镜像层: sha256:5cd154ce1ac8500568cbfd3f7ac03500b1701f00e4edec5b1b57bfe208d6813c 发布日期: 2024-05-06 20:15 修改: 2024-07-22 18:15
libc6	CVE-2024-33600	中危	2.31-0ubuntu9.15	2.31-0ubuntu9.16	glibc: null pointer dereferences after failed netgroup cache insertion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33600 镜像层: sha256:5cd154ce1ac8500568cbfd3f7ac03500b1701f00e4edec5b1b57bfe208d6813c 发布日期: 2024-05-06 20:15 修改: 2024-07-22 18:15
libc6	CVE-2024-33601	中危	2.31-0ubuntu9.15	2.31-0ubuntu9.16	glibc: netgroup cache may terminate daemon on memory allocation failure 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33601 镜像层: sha256:5cd154ce1ac8500568cbfd3f7ac03500b1701f00e4edec5b1b57bfe208d6813c 发布日期: 2024-05-06 20:15 修改: 2024-07-22 18:15
libc6	CVE-2024-33602	中危	2.31-0ubuntu9.15	2.31-0ubuntu9.16	glibc: netgroup cache assumes NSS callback uses in-buffer strings 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33602 镜像层: sha256:5cd154ce1ac8500568cbfd3f7ac03500b1701f00e4edec5b1b57bfe208d6813c 发布日期: 2024-05-06 20:15 修改: 2024-07-22 18:15
libcurl4	CVE-2024-7264	中危	7.68.0-1ubuntu2.22	7.68.0-1ubuntu2.23	curl: libcurl: ASN.1 date parser overread 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7264 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-07-31 08:15 修改: 2024-10-30 20:35
libcurl4	CVE-2024-8096	中危	7.68.0-1ubuntu2.22	7.68.0-1ubuntu2.24	curl: OCSP stapling bypass with GnuTLS 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-8096 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-09-11 10:15 修改: 2024-09-11 16:26
libexpat1	CVE-2024-45490	中危	2.2.9-1ubuntu0.6	2.2.9-1ubuntu0.7	libexpat: Negative Length Parsing Vulnerability in libexpat 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45490 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-08-30 03:15 修改: 2024-10-18 12:24
libexpat1	CVE-2024-45491	中危	2.2.9-1ubuntu0.6	2.2.9-1ubuntu0.7	libexpat: Integer Overflow or Wraparound 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45491 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-08-30 03:15 修改: 2024-09-04 14:28
libexpat1	CVE-2024-45492	中危	2.2.9-1ubuntu0.6	2.2.9-1ubuntu0.7	libexpat: integer overflow 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45492 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-08-30 03:15 修改: 2024-09-04 14:28
libexpat1	CVE-2024-50602	中危	2.2.9-1ubuntu0.6	2.2.9-1ubuntu0.8	libexpat: expat: DoS via XML_ResumeParser 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-50602 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-10-27 05:15 修改: 2024-10-30 18:35
libfreetype6	CVE-2025-23022	中危	2.10.1-2ubuntu0.3		freetype: signed integer overflow in cf2_doFlex 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-23022 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2025-01-10 15:15 修改: 2025-01-16 21:12
libgssapi-krb5-2	CVE-2024-26462	中危	1.17-6ubuntu4.4		krb5: Memory leak at /krb5/src/kdc/ndr.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26462 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-02-29 01:44 修改: 2024-05-14 15:09
libgssapi-krb5-2	CVE-2024-37370	中危	1.17-6ubuntu4.4	1.17-6ubuntu4.6	krb5: GSS message token handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37370 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-06-28 22:15 修改: 2024-08-27 17:48
libgssapi-krb5-2	CVE-2024-37371	中危	1.17-6ubuntu4.4	1.17-6ubuntu4.6	krb5: GSS message token handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37371 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-06-28 23:15 修改: 2024-09-18 12:39
libimage-exiftool-perl	CVE-2022-23935	中危	11.88-1ubuntu0.1		lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a $file =~ / ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23935 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2022-01-25 06:15 修改: 2023-08-08 14:21
libk5crypto3	CVE-2024-26462	中危	1.17-6ubuntu4.4		krb5: Memory leak at /krb5/src/kdc/ndr.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26462 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-02-29 01:44 修改: 2024-05-14 15:09
libk5crypto3	CVE-2024-37370	中危	1.17-6ubuntu4.4	1.17-6ubuntu4.6	krb5: GSS message token handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37370 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-06-28 22:15 修改: 2024-08-27 17:48
libk5crypto3	CVE-2024-37371	中危	1.17-6ubuntu4.4	1.17-6ubuntu4.6	krb5: GSS message token handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37371 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-06-28 23:15 修改: 2024-09-18 12:39
libkrb5-3	CVE-2024-26462	中危	1.17-6ubuntu4.4		krb5: Memory leak at /krb5/src/kdc/ndr.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26462 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-02-29 01:44 修改: 2024-05-14 15:09
libkrb5-3	CVE-2024-37370	中危	1.17-6ubuntu4.4	1.17-6ubuntu4.6	krb5: GSS message token handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37370 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-06-28 22:15 修改: 2024-08-27 17:48
libkrb5-3	CVE-2024-37371	中危	1.17-6ubuntu4.4	1.17-6ubuntu4.6	krb5: GSS message token handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37371 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-06-28 23:15 修改: 2024-09-18 12:39
libkrb5support0	CVE-2024-26462	中危	1.17-6ubuntu4.4		krb5: Memory leak at /krb5/src/kdc/ndr.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26462 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-02-29 01:44 修改: 2024-05-14 15:09
libkrb5support0	CVE-2024-37370	中危	1.17-6ubuntu4.4	1.17-6ubuntu4.6	krb5: GSS message token handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37370 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-06-28 22:15 修改: 2024-08-27 17:48
libkrb5support0	CVE-2024-37371	中危	1.17-6ubuntu4.4	1.17-6ubuntu4.6	krb5: GSS message token handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37371 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-06-28 23:15 修改: 2024-09-18 12:39
libpam-modules	CVE-2024-10041	中危	1.3.1-5ubuntu4.7		pam: libpam: Libpam vulnerable to read hashed password 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-10041 镜像层: sha256:e915d510ff2b469b8d03347ad6e785254beeb449931f7631dbcede8e5f281540 发布日期: 2024-10-23 14:15 修改: 2024-12-18 10:15
libpam-modules-bin	CVE-2024-10041	中危	1.3.1-5ubuntu4.7		pam: libpam: Libpam vulnerable to read hashed password 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-10041 镜像层: sha256:e915d510ff2b469b8d03347ad6e785254beeb449931f7631dbcede8e5f281540 发布日期: 2024-10-23 14:15 修改: 2024-12-18 10:15
libpam-runtime	CVE-2024-10041	中危	1.3.1-5ubuntu4.7		pam: libpam: Libpam vulnerable to read hashed password 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-10041 镜像层: sha256:e915d510ff2b469b8d03347ad6e785254beeb449931f7631dbcede8e5f281540 发布日期: 2024-10-23 14:15 修改: 2024-12-18 10:15
libpam0g	CVE-2024-10041	中危	1.3.1-5ubuntu4.7		pam: libpam: Libpam vulnerable to read hashed password 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-10041 镜像层: sha256:e915d510ff2b469b8d03347ad6e785254beeb449931f7631dbcede8e5f281540 发布日期: 2024-10-23 14:15 修改: 2024-12-18 10:15
libpython3.8-minimal	CVE-2023-27043	中危	3.8.10-0ubuntu1~20.04.9	3.8.10-0ubuntu1~20.04.12	python: Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-27043 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2023-04-19 00:15 修改: 2024-02-26 16:27
libpython3.8-minimal	CVE-2023-6597	中危	3.8.10-0ubuntu1~20.04.9	3.8.10-0ubuntu1~20.04.10	python: Path traversal on tempfile.TemporaryDirectory 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6597 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-03-19 16:15 修改: 2024-06-10 18:15
libpython3.8-minimal	CVE-2024-0397	中危	3.8.10-0ubuntu1~20.04.9	3.8.10-0ubuntu1~20.04.11	cpython: python: Memory race condition in ssl.SSLContext certificate store methods 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0397 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-06-17 16:15 修改: 2024-07-03 01:44
libpython3.8-minimal	CVE-2024-0450	中危	3.8.10-0ubuntu1~20.04.9	3.8.10-0ubuntu1~20.04.10	python: The zipfile module is vulnerable to zip-bombs leading to denial of service 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0450 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-03-19 16:15 修改: 2024-06-10 18:15
libpython3.8-minimal	CVE-2024-11168	中危	3.8.10-0ubuntu1~20.04.9		python: Improper validation of IPv6 and IPvFuture addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-11168 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-11-12 22:15 修改: 2025-01-06 18:15
libpython3.8-minimal	CVE-2024-6232	中危	3.8.10-0ubuntu1~20.04.9	3.8.10-0ubuntu1~20.04.12	python: cpython: tarfile: ReDos via excessive backtracking while parsing header values 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6232 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-09-03 13:15 修改: 2024-09-04 21:15
libpython3.8-minimal	CVE-2024-6923	中危	3.8.10-0ubuntu1~20.04.9	3.8.10-0ubuntu1~20.04.12	cpython: python: email module doesn't properly quotes newlines in email headers, allowing header injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6923 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-08-01 14:15 修改: 2025-01-11 15:15
libpython3.8-minimal	CVE-2024-8088	中危	3.8.10-0ubuntu1~20.04.9	3.8.10-0ubuntu1~20.04.12	python: cpython: Iterating over a malicious ZIP file may lead to Denial of Service 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-8088 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-08-22 19:15 修改: 2024-09-04 23:15
libpython3.8-minimal	CVE-2024-9287	中危	3.8.10-0ubuntu1~20.04.9	3.8.10-0ubuntu1~20.04.13	python: Virtual environment (venv) activation scripts don't quote paths 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9287 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-10-22 17:15 修改: 2024-11-04 18:15
libpython3.8-stdlib	CVE-2023-27043	中危	3.8.10-0ubuntu1~20.04.9	3.8.10-0ubuntu1~20.04.12	python: Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-27043 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2023-04-19 00:15 修改: 2024-02-26 16:27
libpython3.8-stdlib	CVE-2023-6597	中危	3.8.10-0ubuntu1~20.04.9	3.8.10-0ubuntu1~20.04.10	python: Path traversal on tempfile.TemporaryDirectory 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6597 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-03-19 16:15 修改: 2024-06-10 18:15
libpython3.8-stdlib	CVE-2024-0397	中危	3.8.10-0ubuntu1~20.04.9	3.8.10-0ubuntu1~20.04.11	cpython: python: Memory race condition in ssl.SSLContext certificate store methods 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0397 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-06-17 16:15 修改: 2024-07-03 01:44
libpython3.8-stdlib	CVE-2024-0450	中危	3.8.10-0ubuntu1~20.04.9	3.8.10-0ubuntu1~20.04.10	python: The zipfile module is vulnerable to zip-bombs leading to denial of service 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0450 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-03-19 16:15 修改: 2024-06-10 18:15
libpython3.8-stdlib	CVE-2024-11168	中危	3.8.10-0ubuntu1~20.04.9		python: Improper validation of IPv6 and IPvFuture addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-11168 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-11-12 22:15 修改: 2025-01-06 18:15
libpython3.8-stdlib	CVE-2024-6232	中危	3.8.10-0ubuntu1~20.04.9	3.8.10-0ubuntu1~20.04.12	python: cpython: tarfile: ReDos via excessive backtracking while parsing header values 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6232 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-09-03 13:15 修改: 2024-09-04 21:15
libpython3.8-stdlib	CVE-2024-6923	中危	3.8.10-0ubuntu1~20.04.9	3.8.10-0ubuntu1~20.04.12	cpython: python: email module doesn't properly quotes newlines in email headers, allowing header injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6923 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-08-01 14:15 修改: 2025-01-11 15:15
libpython3.8-stdlib	CVE-2024-8088	中危	3.8.10-0ubuntu1~20.04.9	3.8.10-0ubuntu1~20.04.12	python: cpython: Iterating over a malicious ZIP file may lead to Denial of Service 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-8088 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-08-22 19:15 修改: 2024-09-04 23:15
libpython3.8-stdlib	CVE-2024-9287	中危	3.8.10-0ubuntu1~20.04.9	3.8.10-0ubuntu1~20.04.13	python: Virtual environment (venv) activation scripts don't quote paths 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9287 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-10-22 17:15 修改: 2024-11-04 18:15
libtiff5	CVE-2024-7006	中危	4.1.0+git191117-2ubuntu0.20.04.12	4.1.0+git191117-2ubuntu0.20.04.14	libtiff: NULL pointer dereference in tif_dirinfo.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7006 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-08-12 13:38 修改: 2024-11-06 10:15
locales	CVE-2024-33599	中危	2.31-0ubuntu9.15	2.31-0ubuntu9.16	glibc: stack-based buffer overflow in netgroup cache 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33599 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-05-06 20:15 修改: 2024-07-22 18:15
locales	CVE-2024-33600	中危	2.31-0ubuntu9.15	2.31-0ubuntu9.16	glibc: null pointer dereferences after failed netgroup cache insertion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33600 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-05-06 20:15 修改: 2024-07-22 18:15
locales	CVE-2024-33601	中危	2.31-0ubuntu9.15	2.31-0ubuntu9.16	glibc: netgroup cache may terminate daemon on memory allocation failure 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33601 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-05-06 20:15 修改: 2024-07-22 18:15
locales	CVE-2024-33602	中危	2.31-0ubuntu9.15	2.31-0ubuntu9.16	glibc: netgroup cache assumes NSS callback uses in-buffer strings 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33602 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-05-06 20:15 修改: 2024-07-22 18:15
login	CVE-2024-56433	中危	1:4.8.1-1ubuntu5.20.04.5		shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-56433 镜像层: sha256:e915d510ff2b469b8d03347ad6e785254beeb449931f7631dbcede8e5f281540 发布日期: 2024-12-26 09:15 修改: 2024-12-26 09:15
passwd	CVE-2024-56433	中危	1:4.8.1-1ubuntu5.20.04.5		shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-56433 镜像层: sha256:e915d510ff2b469b8d03347ad6e785254beeb449931f7631dbcede8e5f281540 发布日期: 2024-12-26 09:15 修改: 2024-12-26 09:15
python3-pkg-resources	CVE-2024-6345	中危	45.2.0-1ubuntu0.1	45.2.0-1ubuntu0.2	pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6345 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-07-15 01:15 修改: 2024-07-15 13:00
python3.8	CVE-2023-27043	中危	3.8.10-0ubuntu1~20.04.9	3.8.10-0ubuntu1~20.04.12	python: Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-27043 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2023-04-19 00:15 修改: 2024-02-26 16:27
python3.8	CVE-2023-6597	中危	3.8.10-0ubuntu1~20.04.9	3.8.10-0ubuntu1~20.04.10	python: Path traversal on tempfile.TemporaryDirectory 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6597 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-03-19 16:15 修改: 2024-06-10 18:15
python3.8	CVE-2024-0397	中危	3.8.10-0ubuntu1~20.04.9	3.8.10-0ubuntu1~20.04.11	cpython: python: Memory race condition in ssl.SSLContext certificate store methods 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0397 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-06-17 16:15 修改: 2024-07-03 01:44
python3.8	CVE-2024-0450	中危	3.8.10-0ubuntu1~20.04.9	3.8.10-0ubuntu1~20.04.10	python: The zipfile module is vulnerable to zip-bombs leading to denial of service 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0450 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-03-19 16:15 修改: 2024-06-10 18:15
python3.8	CVE-2024-11168	中危	3.8.10-0ubuntu1~20.04.9		python: Improper validation of IPv6 and IPvFuture addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-11168 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-11-12 22:15 修改: 2025-01-06 18:15
python3.8	CVE-2024-6232	中危	3.8.10-0ubuntu1~20.04.9	3.8.10-0ubuntu1~20.04.12	python: cpython: tarfile: ReDos via excessive backtracking while parsing header values 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6232 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-09-03 13:15 修改: 2024-09-04 21:15
python3.8	CVE-2024-6923	中危	3.8.10-0ubuntu1~20.04.9	3.8.10-0ubuntu1~20.04.12	cpython: python: email module doesn't properly quotes newlines in email headers, allowing header injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6923 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-08-01 14:15 修改: 2025-01-11 15:15
python3.8	CVE-2024-8088	中危	3.8.10-0ubuntu1~20.04.9	3.8.10-0ubuntu1~20.04.12	python: cpython: Iterating over a malicious ZIP file may lead to Denial of Service 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-8088 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-08-22 19:15 修改: 2024-09-04 23:15
python3.8	CVE-2024-9287	中危	3.8.10-0ubuntu1~20.04.9	3.8.10-0ubuntu1~20.04.13	python: Virtual environment (venv) activation scripts don't quote paths 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9287 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-10-22 17:15 修改: 2024-11-04 18:15
python3.8-minimal	CVE-2023-27043	中危	3.8.10-0ubuntu1~20.04.9	3.8.10-0ubuntu1~20.04.12	python: Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-27043 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2023-04-19 00:15 修改: 2024-02-26 16:27
python3.8-minimal	CVE-2023-6597	中危	3.8.10-0ubuntu1~20.04.9	3.8.10-0ubuntu1~20.04.10	python: Path traversal on tempfile.TemporaryDirectory 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6597 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-03-19 16:15 修改: 2024-06-10 18:15
python3.8-minimal	CVE-2024-0397	中危	3.8.10-0ubuntu1~20.04.9	3.8.10-0ubuntu1~20.04.11	cpython: python: Memory race condition in ssl.SSLContext certificate store methods 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0397 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-06-17 16:15 修改: 2024-07-03 01:44
python3.8-minimal	CVE-2024-0450	中危	3.8.10-0ubuntu1~20.04.9	3.8.10-0ubuntu1~20.04.10	python: The zipfile module is vulnerable to zip-bombs leading to denial of service 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0450 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-03-19 16:15 修改: 2024-06-10 18:15
python3.8-minimal	CVE-2024-11168	中危	3.8.10-0ubuntu1~20.04.9		python: Improper validation of IPv6 and IPvFuture addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-11168 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-11-12 22:15 修改: 2025-01-06 18:15
python3.8-minimal	CVE-2024-6232	中危	3.8.10-0ubuntu1~20.04.9	3.8.10-0ubuntu1~20.04.12	python: cpython: tarfile: ReDos via excessive backtracking while parsing header values 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6232 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-09-03 13:15 修改: 2024-09-04 21:15
python3.8-minimal	CVE-2024-6923	中危	3.8.10-0ubuntu1~20.04.9	3.8.10-0ubuntu1~20.04.12	cpython: python: email module doesn't properly quotes newlines in email headers, allowing header injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6923 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-08-01 14:15 修改: 2025-01-11 15:15
python3.8-minimal	CVE-2024-8088	中危	3.8.10-0ubuntu1~20.04.9	3.8.10-0ubuntu1~20.04.12	python: cpython: Iterating over a malicious ZIP file may lead to Denial of Service 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-8088 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-08-22 19:15 修改: 2024-09-04 23:15
python3.8-minimal	CVE-2024-9287	中危	3.8.10-0ubuntu1~20.04.9	3.8.10-0ubuntu1~20.04.13	python: Virtual environment (venv) activation scripts don't quote paths 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9287 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-10-22 17:15 修改: 2024-11-04 18:15
redis-tools	CVE-2020-14147	中危	5:5.0.7-2ubuntu0.1		redis: integer overflow in the getnum function in lua_struct.c could lead to a DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-14147 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2020-06-15 18:15 修改: 2021-07-30 13:59
redis-tools	CVE-2021-32626	中危	5:5.0.7-2ubuntu0.1		redis: Lua scripts can overflow the heap-based Lua stack 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-32626 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2021-10-04 18:15 修改: 2023-11-07 03:35
redis-tools	CVE-2021-32627	中危	5:5.0.7-2ubuntu0.1		redis: Integer overflow issue with Streams 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-32627 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2021-10-04 18:15 修改: 2023-11-07 03:35
redis-tools	CVE-2021-32628	中危	5:5.0.7-2ubuntu0.1		redis: Integer overflow bug in the ziplist data structure 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-32628 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2021-10-04 18:15 修改: 2023-11-07 03:35
redis-tools	CVE-2021-32672	中危	5:5.0.7-2ubuntu0.1		redis: Out of bounds read in lua debugger protocol parser 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-32672 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2021-10-04 18:15 修改: 2023-11-07 03:35
redis-tools	CVE-2021-32675	中危	5:5.0.7-2ubuntu0.1		redis: Denial of service via Redis Standard Protocol (RESP) request 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-32675 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2021-10-04 18:15 修改: 2023-11-07 03:35
redis-tools	CVE-2021-32687	中危	5:5.0.7-2ubuntu0.1		redis: Integer overflow issue with intsets 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-32687 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2021-10-04 18:15 修改: 2023-11-07 03:35
redis-tools	CVE-2021-41099	中危	5:5.0.7-2ubuntu0.1		redis: Integer overflow issue with strings 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-41099 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2021-10-04 18:15 修改: 2023-11-07 03:38
redis-tools	CVE-2022-24736	中危	5:5.0.7-2ubuntu0.1		redis: Malformed Lua script can crash Redis 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-24736 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2022-04-27 20:15 修改: 2023-11-07 03:44
redis-tools	CVE-2022-24834	中危	5:5.0.7-2ubuntu0.1		redis: heap overflow in the lua cjson and cmsgpack libraries 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-24834 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2023-07-13 15:15 修改: 2023-08-14 19:15
redis-tools	CVE-2022-35977	中危	5:5.0.7-2ubuntu0.1		redis: Integer overflow in the Redis SETRANGE and SORT/SORT_RO commands may result with false OOM panic 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-35977 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2023-01-20 19:15 修改: 2023-02-02 14:28
redis-tools	CVE-2022-36021	中危	5:5.0.7-2ubuntu0.1		redis: Specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands can trigger an integer overflow 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-36021 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2023-03-01 16:15 修改: 2023-11-07 03:49
redis-tools	CVE-2023-25155	中危	5:5.0.7-2ubuntu0.1		redis: String matching commands (like SCAN or KEYS) with a specially crafted pattern to trigger a denial-of-service attack 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-25155 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2023-03-02 04:15 修改: 2023-03-10 05:02
redis-tools	CVE-2023-28856	中危	5:5.0.7-2ubuntu0.1		redis: Insufficient validation of HINCRBYFLOAT command 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-28856 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2023-04-18 21:15 修改: 2023-06-01 14:15
redis-tools	CVE-2023-45145	中危	5:5.0.7-2ubuntu0.1		redis: possible bypass of Unix socket permissions on startup 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45145 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2023-10-18 21:15 修改: 2024-01-21 02:30
wget	CVE-2021-31879	中危	1.20.3-1ubuntu2		wget: authorization header disclosure on redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-31879 镜像层: sha256:5cd154ce1ac8500568cbfd3f7ac03500b1701f00e4edec5b1b57bfe208d6813c 发布日期: 2021-04-29 05:15 修改: 2022-05-13 20:52
wget	CVE-2024-38428	中危	1.20.3-1ubuntu2	1.20.3-1ubuntu2.1	wget: Misinterpretation of input may lead to improper behavior 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38428 镜像层: sha256:5cd154ce1ac8500568cbfd3f7ac03500b1701f00e4edec5b1b57bfe208d6813c 发布日期: 2024-06-16 03:15 修改: 2024-10-28 21:35
libssl1.1	CVE-2024-5535	低危	1.1.1f-1ubuntu2.22	1.1.1f-1ubuntu2.23	openssl: SSL_select_next_proto buffer overread 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-5535 镜像层: sha256:5cd154ce1ac8500568cbfd3f7ac03500b1701f00e4edec5b1b57bfe208d6813c 发布日期: 2024-06-27 11:15 修改: 2024-07-12 14:15
libsystemd0	CVE-2023-26604	低危	245.4-4ubuntu3.23		systemd: privilege escalation via the less pager 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-26604 镜像层: sha256:e915d510ff2b469b8d03347ad6e785254beeb449931f7631dbcede8e5f281540 发布日期: 2023-03-03 16:15 修改: 2023-11-07 04:09
libsystemd0	CVE-2023-7008	低危	245.4-4ubuntu3.23		systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yes 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-7008 镜像层: sha256:e915d510ff2b469b8d03347ad6e785254beeb449931f7631dbcede8e5f281540 发布日期: 2023-12-23 13:15 修改: 2024-11-22 12:15
libkrb5-3	CVE-2024-26458	低危	1.17-6ubuntu4.4		krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26458 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-02-29 01:44 修改: 2024-12-06 21:15
libtiff5	CVE-2023-3164	低危	4.1.0+git191117-2ubuntu0.20.04.12	4.1.0+git191117-2ubuntu0.20.04.13	libtiff: heap-buffer-overflow in extractImageSection() 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3164 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2023-11-02 12:15 修改: 2024-03-08 19:38
libtiff5	CVE-2024-6716	低危	4.1.0+git191117-2ubuntu0.20.04.12		漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6716 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-07-15 15:15 修改: 2024-09-04 14:15
libtinfo5	CVE-2023-45918	低危	6.2-0ubuntu2.1		ncurses: NULL pointer dereference in tgetstr in tinfo/lib_termcap.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45918 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-02-16 22:15 修改: 2024-11-21 21:15
libtinfo5	CVE-2023-50495	低危	6.2-0ubuntu2.1		ncurses: segmentation fault via _nc_wrap_entry() 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-50495 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2023-12-12 15:15 修改: 2024-01-31 03:15
libtinfo6	CVE-2023-45918	低危	6.2-0ubuntu2.1		ncurses: NULL pointer dereference in tgetstr in tinfo/lib_termcap.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45918 镜像层: sha256:e915d510ff2b469b8d03347ad6e785254beeb449931f7631dbcede8e5f281540 发布日期: 2024-02-16 22:15 修改: 2024-11-21 21:15
libtinfo6	CVE-2023-50495	低危	6.2-0ubuntu2.1		ncurses: segmentation fault via _nc_wrap_entry() 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-50495 镜像层: sha256:e915d510ff2b469b8d03347ad6e785254beeb449931f7631dbcede8e5f281540 发布日期: 2023-12-12 15:15 修改: 2024-01-31 03:15
libudev1	CVE-2023-26604	低危	245.4-4ubuntu3.23		systemd: privilege escalation via the less pager 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-26604 镜像层: sha256:e915d510ff2b469b8d03347ad6e785254beeb449931f7631dbcede8e5f281540 发布日期: 2023-03-03 16:15 修改: 2023-11-07 04:09
libudev1	CVE-2023-7008	低危	245.4-4ubuntu3.23		systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yes 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-7008 镜像层: sha256:e915d510ff2b469b8d03347ad6e785254beeb449931f7631dbcede8e5f281540 发布日期: 2023-12-23 13:15 修改: 2024-11-22 12:15
libkrb5-3	CVE-2024-26461	低危	1.17-6ubuntu4.4		krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26461 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-02-29 01:44 修改: 2024-08-14 16:35
gpg-agent	CVE-2022-3219	低危	2.2.19-3ubuntu2.2		gnupg: denial of service issue (resource consumption) using compressed packets 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3219 镜像层: sha256:5cd154ce1ac8500568cbfd3f7ac03500b1701f00e4edec5b1b57bfe208d6813c 发布日期: 2023-02-23 20:15 修改: 2023-05-26 16:31
gpg-wks-client	CVE-2022-3219	低危	2.2.19-3ubuntu2.2		gnupg: denial of service issue (resource consumption) using compressed packets 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3219 镜像层: sha256:5cd154ce1ac8500568cbfd3f7ac03500b1701f00e4edec5b1b57bfe208d6813c 发布日期: 2023-02-23 20:15 修改: 2023-05-26 16:31
libcurl4	CVE-2024-11053	低危	7.68.0-1ubuntu2.22	7.68.0-1ubuntu2.25	curl: curl netrc password leak 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-11053 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-12-11 08:15 修改: 2024-12-15 17:15
locales	CVE-2016-20013	低危	2.31-0ubuntu9.15		漏洞详情: https://avd.aquasec.com/nvd/cve-2016-20013 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2022-02-19 05:15 修改: 2022-03-03 16:43
libkrb5support0	CVE-2024-26458	低危	1.17-6ubuntu4.4		krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26458 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-02-29 01:44 修改: 2024-12-06 21:15
login	CVE-2013-4235	低危	1:4.8.1-1ubuntu5.20.04.5		shadow-utils: TOCTOU race conditions by copying and removing directory trees 漏洞详情: https://avd.aquasec.com/nvd/cve-2013-4235 镜像层: sha256:e915d510ff2b469b8d03347ad6e785254beeb449931f7631dbcede8e5f281540 发布日期: 2019-12-03 15:15 修改: 2023-02-13 00:28
login	CVE-2023-29383	低危	1:4.8.1-1ubuntu5.20.04.5		shadow: Improper input validation in shadow-utils package utility chfn 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29383 镜像层: sha256:e915d510ff2b469b8d03347ad6e785254beeb449931f7631dbcede8e5f281540 发布日期: 2023-04-14 22:15 修改: 2023-04-24 18:05
ncurses-base	CVE-2023-45918	低危	6.2-0ubuntu2.1		ncurses: NULL pointer dereference in tgetstr in tinfo/lib_termcap.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45918 镜像层: sha256:e915d510ff2b469b8d03347ad6e785254beeb449931f7631dbcede8e5f281540 发布日期: 2024-02-16 22:15 修改: 2024-11-21 21:15
ncurses-base	CVE-2023-50495	低危	6.2-0ubuntu2.1		ncurses: segmentation fault via _nc_wrap_entry() 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-50495 镜像层: sha256:e915d510ff2b469b8d03347ad6e785254beeb449931f7631dbcede8e5f281540 发布日期: 2023-12-12 15:15 修改: 2024-01-31 03:15
ncurses-bin	CVE-2023-45918	低危	6.2-0ubuntu2.1		ncurses: NULL pointer dereference in tgetstr in tinfo/lib_termcap.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45918 镜像层: sha256:e915d510ff2b469b8d03347ad6e785254beeb449931f7631dbcede8e5f281540 发布日期: 2024-02-16 22:15 修改: 2024-11-21 21:15
ncurses-bin	CVE-2023-50495	低危	6.2-0ubuntu2.1		ncurses: segmentation fault via _nc_wrap_entry() 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-50495 镜像层: sha256:e915d510ff2b469b8d03347ad6e785254beeb449931f7631dbcede8e5f281540 发布日期: 2023-12-12 15:15 修改: 2024-01-31 03:15
openssl	CVE-2024-2511	低危	1.1.1f-1ubuntu2.22	1.1.1f-1ubuntu2.23	openssl: Unbounded memory growth with session handling in TLSv1.3 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2511 镜像层: sha256:5cd154ce1ac8500568cbfd3f7ac03500b1701f00e4edec5b1b57bfe208d6813c 发布日期: 2024-04-08 14:15 修改: 2024-10-14 15:15
openssl	CVE-2024-4741	低危	1.1.1f-1ubuntu2.22	1.1.1f-1ubuntu2.23	openssl: Use After Free with SSL_free_buffers 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4741 镜像层: sha256:5cd154ce1ac8500568cbfd3f7ac03500b1701f00e4edec5b1b57bfe208d6813c 发布日期: 2024-11-13 11:15 修改: 2024-11-13 17:01
openssl	CVE-2024-5535	低危	1.1.1f-1ubuntu2.22	1.1.1f-1ubuntu2.23	openssl: SSL_select_next_proto buffer overread 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-5535 镜像层: sha256:5cd154ce1ac8500568cbfd3f7ac03500b1701f00e4edec5b1b57bfe208d6813c 发布日期: 2024-06-27 11:15 修改: 2024-07-12 14:15
libkrb5support0	CVE-2024-26461	低危	1.17-6ubuntu4.4		krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26461 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-02-29 01:44 修改: 2024-08-14 16:35
passwd	CVE-2013-4235	低危	1:4.8.1-1ubuntu5.20.04.5		shadow-utils: TOCTOU race conditions by copying and removing directory trees 漏洞详情: https://avd.aquasec.com/nvd/cve-2013-4235 镜像层: sha256:e915d510ff2b469b8d03347ad6e785254beeb449931f7631dbcede8e5f281540 发布日期: 2019-12-03 15:15 修改: 2023-02-13 00:28
passwd	CVE-2023-29383	低危	1:4.8.1-1ubuntu5.20.04.5		shadow: Improper input validation in shadow-utils package utility chfn 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29383 镜像层: sha256:e915d510ff2b469b8d03347ad6e785254beeb449931f7631dbcede8e5f281540 发布日期: 2023-04-14 22:15 修改: 2023-04-24 18:05
libncurses5	CVE-2023-45918	低危	6.2-0ubuntu2.1		ncurses: NULL pointer dereference in tgetstr in tinfo/lib_termcap.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45918 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-02-16 22:15 修改: 2024-11-21 21:15
libncurses5	CVE-2023-50495	低危	6.2-0ubuntu2.1		ncurses: segmentation fault via _nc_wrap_entry() 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-50495 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2023-12-12 15:15 修改: 2024-01-31 03:15
libncurses6	CVE-2023-45918	低危	6.2-0ubuntu2.1		ncurses: NULL pointer dereference in tgetstr in tinfo/lib_termcap.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45918 镜像层: sha256:e915d510ff2b469b8d03347ad6e785254beeb449931f7631dbcede8e5f281540 发布日期: 2024-02-16 22:15 修改: 2024-11-21 21:15
libncurses6	CVE-2023-50495	低危	6.2-0ubuntu2.1		ncurses: segmentation fault via _nc_wrap_entry() 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-50495 镜像层: sha256:e915d510ff2b469b8d03347ad6e785254beeb449931f7631dbcede8e5f281540 发布日期: 2023-12-12 15:15 修改: 2024-01-31 03:15
libncursesw6	CVE-2023-45918	低危	6.2-0ubuntu2.1		ncurses: NULL pointer dereference in tgetstr in tinfo/lib_termcap.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45918 镜像层: sha256:e915d510ff2b469b8d03347ad6e785254beeb449931f7631dbcede8e5f281540 发布日期: 2024-02-16 22:15 修改: 2024-11-21 21:15
libncursesw6	CVE-2023-50495	低危	6.2-0ubuntu2.1		ncurses: segmentation fault via _nc_wrap_entry() 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-50495 镜像层: sha256:e915d510ff2b469b8d03347ad6e785254beeb449931f7631dbcede8e5f281540 发布日期: 2023-12-12 15:15 修改: 2024-01-31 03:15
gpg-wks-server	CVE-2022-3219	低危	2.2.19-3ubuntu2.2		gnupg: denial of service issue (resource consumption) using compressed packets 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3219 镜像层: sha256:5cd154ce1ac8500568cbfd3f7ac03500b1701f00e4edec5b1b57bfe208d6813c 发布日期: 2023-02-23 20:15 修改: 2023-05-26 16:31
gpgconf	CVE-2022-3219	低危	2.2.19-3ubuntu2.2		gnupg: denial of service issue (resource consumption) using compressed packets 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3219 镜像层: sha256:5cd154ce1ac8500568cbfd3f7ac03500b1701f00e4edec5b1b57bfe208d6813c 发布日期: 2023-02-23 20:15 修改: 2023-05-26 16:31
gpgsm	CVE-2022-3219	低危	2.2.19-3ubuntu2.2		gnupg: denial of service issue (resource consumption) using compressed packets 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3219 镜像层: sha256:5cd154ce1ac8500568cbfd3f7ac03500b1701f00e4edec5b1b57bfe208d6813c 发布日期: 2023-02-23 20:15 修改: 2023-05-26 16:31
gpgv	CVE-2022-3219	低危	2.2.19-3ubuntu2.2		gnupg: denial of service issue (resource consumption) using compressed packets 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3219 镜像层: sha256:e915d510ff2b469b8d03347ad6e785254beeb449931f7631dbcede8e5f281540 发布日期: 2023-02-23 20:15 修改: 2023-05-26 16:31
python3.8	CVE-2024-4032	低危	3.8.10-0ubuntu1~20.04.9	3.8.10-0ubuntu1~20.04.11	python: incorrect IPv4 and IPv6 private ranges 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4032 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-06-17 15:15 修改: 2024-08-29 21:35
python3.8	CVE-2024-7592	低危	3.8.10-0ubuntu1~20.04.9	3.8.10-0ubuntu1~20.04.12	cpython: python: Uncontrolled CPU resource consumption when in http.cookies module 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7592 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-08-19 19:15 修改: 2024-09-04 21:15
libpcre2-8-0	CVE-2022-41409	低危	10.34-7ubuntu0.1		pcre2: negative repeat value in a pcre2test subject line leads to inifinite loop 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41409 镜像层: sha256:e915d510ff2b469b8d03347ad6e785254beeb449931f7631dbcede8e5f281540 发布日期: 2023-07-18 14:15 修改: 2023-07-27 03:46
libpcre3	CVE-2017-11164	低危	2:8.39-12ubuntu0.1		pcre: OP_KETRMAX feature in the match function in pcre_exec.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2017-11164 镜像层: sha256:e915d510ff2b469b8d03347ad6e785254beeb449931f7631dbcede8e5f281540 发布日期: 2017-07-11 03:29 修改: 2023-11-07 02:38
graphicsmagick	CVE-2017-13736	低危	1.4+really1.3.35-1ubuntu0.1		There are lots of memory leaks in the GMCommand function in magick/com ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2017-13736 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2017-08-29 06:29 修改: 2023-11-07 02:38
libgcrypt20	CVE-2024-2236	低危	1.8.5-5ubuntu1.1		libgcrypt: vulnerable to Marvin Attack 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2236 镜像层: sha256:e915d510ff2b469b8d03347ad6e785254beeb449931f7631dbcede8e5f281540 发布日期: 2024-03-06 22:15 修改: 2024-11-12 18:15
libgd3	CVE-2021-40812	低危	2.2.5-5.2ubuntu2.1	2.2.5-5.2ubuntu2.4	The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-40812 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2021-09-08 21:15 修改: 2024-10-29 14:35
libgraphicsmagick-q16-3	CVE-2017-13736	低危	1.4+really1.3.35-1ubuntu0.1		There are lots of memory leaks in the GMCommand function in magick/com ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2017-13736 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2017-08-29 06:29 修改: 2023-11-07 02:38
coreutils	CVE-2016-2781	低危	8.30-3ubuntu2		coreutils: Non-privileged session can escape to the parent session in chroot 漏洞详情: https://avd.aquasec.com/nvd/cve-2016-2781 镜像层: sha256:e915d510ff2b469b8d03347ad6e785254beeb449931f7631dbcede8e5f281540 发布日期: 2017-02-07 15:59 修改: 2023-11-07 02:32
curl	CVE-2024-11053	低危	7.68.0-1ubuntu2.22	7.68.0-1ubuntu2.25	curl: curl netrc password leak 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-11053 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-12-11 08:15 修改: 2024-12-15 17:15
dirmngr	CVE-2022-3219	低危	2.2.19-3ubuntu2.2		gnupg: denial of service issue (resource consumption) using compressed packets 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3219 镜像层: sha256:5cd154ce1ac8500568cbfd3f7ac03500b1701f00e4edec5b1b57bfe208d6813c 发布日期: 2023-02-23 20:15 修改: 2023-05-26 16:31
python3.8-minimal	CVE-2024-4032	低危	3.8.10-0ubuntu1~20.04.9	3.8.10-0ubuntu1~20.04.11	python: incorrect IPv4 and IPv6 private ranges 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4032 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-06-17 15:15 修改: 2024-08-29 21:35
python3.8-minimal	CVE-2024-7592	低危	3.8.10-0ubuntu1~20.04.9	3.8.10-0ubuntu1~20.04.12	cpython: python: Uncontrolled CPU resource consumption when in http.cookies module 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7592 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-08-19 19:15 修改: 2024-09-04 21:15
libgssapi-krb5-2	CVE-2024-26458	低危	1.17-6ubuntu4.4		krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26458 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-02-29 01:44 修改: 2024-12-06 21:15
libgssapi-krb5-2	CVE-2024-26461	低危	1.17-6ubuntu4.4		krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26461 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-02-29 01:44 修改: 2024-08-14 16:35
libpython3.8-minimal	CVE-2024-4032	低危	3.8.10-0ubuntu1~20.04.9	3.8.10-0ubuntu1~20.04.11	python: incorrect IPv4 and IPv6 private ranges 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4032 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-06-17 15:15 修改: 2024-08-29 21:35
libpython3.8-minimal	CVE-2024-7592	低危	3.8.10-0ubuntu1~20.04.9	3.8.10-0ubuntu1~20.04.12	cpython: python: Uncontrolled CPU resource consumption when in http.cookies module 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7592 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-08-19 19:15 修改: 2024-09-04 21:15
gnupg	CVE-2022-3219	低危	2.2.19-3ubuntu2.2		gnupg: denial of service issue (resource consumption) using compressed packets 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3219 镜像层: sha256:5cd154ce1ac8500568cbfd3f7ac03500b1701f00e4edec5b1b57bfe208d6813c 发布日期: 2023-02-23 20:15 修改: 2023-05-26 16:31
libc-bin	CVE-2016-20013	低危	2.31-0ubuntu9.15		漏洞详情: https://avd.aquasec.com/nvd/cve-2016-20013 镜像层: sha256:5cd154ce1ac8500568cbfd3f7ac03500b1701f00e4edec5b1b57bfe208d6813c 发布日期: 2022-02-19 05:15 修改: 2022-03-03 16:43
gnupg-l10n	CVE-2022-3219	低危	2.2.19-3ubuntu2.2		gnupg: denial of service issue (resource consumption) using compressed packets 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3219 镜像层: sha256:5cd154ce1ac8500568cbfd3f7ac03500b1701f00e4edec5b1b57bfe208d6813c 发布日期: 2023-02-23 20:15 修改: 2023-05-26 16:31
gnupg-utils	CVE-2022-3219	低危	2.2.19-3ubuntu2.2		gnupg: denial of service issue (resource consumption) using compressed packets 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3219 镜像层: sha256:5cd154ce1ac8500568cbfd3f7ac03500b1701f00e4edec5b1b57bfe208d6813c 发布日期: 2023-02-23 20:15 修改: 2023-05-26 16:31
libk5crypto3	CVE-2024-26458	低危	1.17-6ubuntu4.4		krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26458 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-02-29 01:44 修改: 2024-12-06 21:15
libk5crypto3	CVE-2024-26461	低危	1.17-6ubuntu4.4		krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26461 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-02-29 01:44 修改: 2024-08-14 16:35
gnupg2	CVE-2022-3219	低危	2.2.19-3ubuntu2.2		gnupg: denial of service issue (resource consumption) using compressed packets 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3219 镜像层: sha256:5cd154ce1ac8500568cbfd3f7ac03500b1701f00e4edec5b1b57bfe208d6813c 发布日期: 2023-02-23 20:15 修改: 2023-05-26 16:31
gpg	CVE-2022-3219	低危	2.2.19-3ubuntu2.2		gnupg: denial of service issue (resource consumption) using compressed packets 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3219 镜像层: sha256:5cd154ce1ac8500568cbfd3f7ac03500b1701f00e4edec5b1b57bfe208d6813c 发布日期: 2023-02-23 20:15 修改: 2023-05-26 16:31
libc6	CVE-2016-20013	低危	2.31-0ubuntu9.15		漏洞详情: https://avd.aquasec.com/nvd/cve-2016-20013 镜像层: sha256:5cd154ce1ac8500568cbfd3f7ac03500b1701f00e4edec5b1b57bfe208d6813c 发布日期: 2022-02-19 05:15 修改: 2022-03-03 16:43
libpython3.8-stdlib	CVE-2024-4032	低危	3.8.10-0ubuntu1~20.04.9	3.8.10-0ubuntu1~20.04.11	python: incorrect IPv4 and IPv6 private ranges 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4032 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-06-17 15:15 修改: 2024-08-29 21:35
libpython3.8-stdlib	CVE-2024-7592	低危	3.8.10-0ubuntu1~20.04.9	3.8.10-0ubuntu1~20.04.12	cpython: python: Uncontrolled CPU resource consumption when in http.cookies module 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7592 镜像层: sha256:e2a59e5334d9168f2118844bba61bc9b9d77b5fa46138ac4820d1e94a7109573 发布日期: 2024-08-19 19:15 修改: 2024-09-04 21:15
libssl1.1	CVE-2024-2511	低危	1.1.1f-1ubuntu2.22	1.1.1f-1ubuntu2.23	openssl: Unbounded memory growth with session handling in TLSv1.3 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2511 镜像层: sha256:5cd154ce1ac8500568cbfd3f7ac03500b1701f00e4edec5b1b57bfe208d6813c 发布日期: 2024-04-08 14:15 修改: 2024-10-14 15:15
libssl1.1	CVE-2024-4741	低危	1.1.1f-1ubuntu2.22	1.1.1f-1ubuntu2.23	openssl: Use After Free with SSL_free_buffers 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4741 镜像层: sha256:5cd154ce1ac8500568cbfd3f7ac03500b1701f00e4edec5b1b57bfe208d6813c 发布日期: 2024-11-13 11:15 修改: 2024-11-13 17:01

Java (jar)

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

Node.js (node-pkg)

低危漏洞:2

中危漏洞:5

高危漏洞:13

严重漏洞:3

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
handlebars	CVE-2019-19919	严重	1.0.0	4.3.0, 3.0.8	nodejs-handlebars: prototype pollution leading to remote code execution via crafted payloads 漏洞详情: https://avd.aquasec.com/nvd/cve-2019-19919 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2019-12-20 23:15 修改: 2022-06-03 18:48
handlebars	CVE-2021-23369	严重	1.0.0	4.7.7	nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23369 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2021-04-12 14:15 修改: 2021-06-08 13:54
handlebars	CVE-2021-23383	严重	1.0.0	4.7.7	nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23383 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2021-05-04 09:15 修改: 2021-12-03 19:59
diff	GHSA-h6ch-v84p-w6p9	高危	1.0.0	3.5.0	Regular Expression Denial of Service (ReDoS) 漏洞详情: https://github.com/advisories/GHSA-h6ch-v84p-w6p9 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
handlebars	CVE-2019-20920	高危	1.0.0	3.0.8, 4.5.3	nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript execution 漏洞详情: https://avd.aquasec.com/nvd/cve-2019-20920 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2020-09-30 18:15 修改: 2020-10-15 17:35
handlebars	GHSA-2cf5-4w76-r9qv	高危	1.0.0	3.0.8, 4.5.2	Arbitrary Code Execution in handlebars 漏洞详情: https://github.com/advisories/GHSA-2cf5-4w76-r9qv 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
handlebars	GHSA-g9r4-xpmj-mj65	高危	1.0.0	3.0.8, 4.5.3	Prototype Pollution in handlebars 漏洞详情: https://github.com/advisories/GHSA-g9r4-xpmj-mj65 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
handlebars	GHSA-q2c6-c6pm-g3gh	高危	1.0.0	3.0.8, 4.5.3	Arbitrary Code Execution in handlebars 漏洞详情: https://github.com/advisories/GHSA-q2c6-c6pm-g3gh 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
handlebars	GHSA-q42p-pg8m-cqh6	高危	1.0.0	4.1.2, 4.0.14, 3.0.7	Prototype Pollution in handlebars 漏洞详情: https://github.com/advisories/GHSA-q42p-pg8m-cqh6 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
ini	CVE-2020-7788	高危	1.0.0	1.3.6	nodejs-ini: Prototype pollution via malicious INI file 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7788 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2020-12-11 11:15 修改: 2022-12-02 19:40
json	CVE-2020-7712	高危	1.0.0	10.0.0	trentm/json vulnerable to command injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7712 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2020-08-30 08:15 修改: 2023-11-07 03:26
npm	CVE-2018-7408	高危	1.0.1	5.7.1	Incorrect Permission Assignment for Critical Resource in NPM 漏洞详情: https://avd.aquasec.com/nvd/cve-2018-7408 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2018-02-22 18:29 修改: 2019-10-03 00:03
npm	CVE-2019-16775	高危	1.0.1	6.13.3	npm: Symlink reference outside of node_modules folder through the bin field upon installation 漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16775 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2019-12-13 01:15 修改: 2023-11-07 03:05
npm	CVE-2019-16776	高危	1.0.1	6.13.3	npm: Arbitrary file write via constructed entry in the package.json bin field 漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16776 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2019-12-13 01:15 修改: 2023-11-07 03:05
npm	CVE-2019-16777	高危	1.0.1	6.13.4	npm: Global node_modules Binary Overwrite 漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16777 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2019-12-13 01:15 修改: 2023-11-07 03:05
pug	CVE-2021-21353	高危	1.0.0	3.0.1	pug: user provided objects as input to pug templates can achieve remote code execution 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-21353 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2021-03-03 02:15 修改: 2021-03-09 15:35
handlebars	NSWG-ECO-519	中危	1.0.0	>=4.6.0	Denial of Service 漏洞详情: https://hackerone.com/reports/726364 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
npm	CVE-2016-3956	中危	1.0.1	>= 2.15.1 <= 3.0.0, >= 3.8.3	npm: bearer token leak to non-registry hosts 漏洞详情: https://avd.aquasec.com/nvd/cve-2016-3956 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2016-07-02 14:59 修改: 2021-06-15 16:30
npm	CVE-2020-15095	中危	1.0.1	6.14.6	npm: sensitive information exposure through logs 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-15095 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2020-07-07 19:15 修改: 2023-11-07 03:17
handlebars	CVE-2015-8861	中危	1.0.0	>=4.0.0	The handlebars package before 4.0.0 for Node.js allows remote attacker ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2015-8861 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2017-01-23 21:59 修改: 2020-04-22 12:54
pug	CVE-2024-36361	中危	1.0.0	3.0.3	Pug allows JavaScript code execution if an application accepts untrusted input 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-36361 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-05-24 06:15 修改: 2024-08-02 04:17
markdown	GHSA-wx77-rp39-c6vg	低危	1.0.0		Regular Expression Denial of Service in markdown 漏洞详情: https://github.com/advisories/GHSA-wx77-rp39-c6vg 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
npm	CVE-2013-4116	低危	1.0.1	>=1.3.3	npm: Insecure temporary directory generation 漏洞详情: https://avd.aquasec.com/nvd/cve-2013-4116 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2014-04-22 14:23 修改: 2020-10-14 13:21

Ruby (gemspec)

低危漏洞:10

中危漏洞:34

高危漏洞:7

严重漏洞:3

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
omniauth-saml	CVE-2024-45409	严重	2.1.0	>= 1.10.5, < 2.0.0, ~> 2.1.2, >= 2.2.1	The Ruby SAML library is for implementing the client side of a SAML au ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45409 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-09-10 19:15 修改: 2024-09-20 14:13
omniauth-saml	GHSA-cvp8-5r8g-fhvq	严重	2.1.0	2.1.2, 1.10.5, 2.2.1	omniauth-saml vulnerable to Improper Verification of Cryptographic Signature 漏洞详情: https://github.com/advisories/GHSA-cvp8-5r8g-fhvq 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
ruby-saml	CVE-2024-45409	严重	1.15.0	~> 1.12.3, >= 1.17.0	The Ruby SAML library is for implementing the client side of a SAML au ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45409 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-09-10 19:15 修改: 2024-09-20 14:13
rack-cors	CVE-2024-27456	高危	2.0.1	>= 2.0.2	rack-cors: Insecure File Permissions in rack-cors 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-27456 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-02-26 16:28 修改: 2024-08-02 19:35
rexml	CVE-2024-49761	高危	3.2.5	>= 3.3.9	rexml: REXML ReDoS vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-49761 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-10-28 15:15 修改: 2024-12-27 16:15
rexml	CVE-2024-49761	高危	3.2.6	>= 3.3.9	rexml: REXML ReDoS vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-49761 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-10-28 15:15 修改: 2024-12-27 16:15
rexml	CVE-2024-49761	高危	3.2.6	>= 3.3.9	rexml: REXML ReDoS vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-49761 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-10-28 15:15 修改: 2024-12-27 16:15
google-protobuf	CVE-2024-7254	高危	3.25.2	~> 3.25.5, ~> 4.27.5, >= 4.28.2	protobuf: StackOverflow vulnerability in Protocol Buffers 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7254 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-09-19 01:15 修改: 2024-12-13 14:15
webrick	CVE-2024-47220	高危	1.8.1	>= 1.8.2	WEBrick: HTTP request smuggling 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47220 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-09-22 01:15 修改: 2025-01-09 18:15
webrick	CVE-2024-47220	高危	1.8.1	>= 1.8.2	WEBrick: HTTP request smuggling 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47220 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-09-22 01:15 修改: 2025-01-09 18:15
json-jwt	CVE-2023-51774	中危	1.15.3	~> 1.15.3, >= 1.15.3.1, >= 1.16.6	json-jwt: bypass of identity checks via a sign/encryption confusion attack 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-51774 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-02-29 01:42 修改: 2024-08-26 20:35
nokogiri	GHSA-vcc3-rw6f-jv97	中危	1.16.0	1.15.6, 1.16.2	Use-after-free in libxml2 via Nokogiri::XML::Reader 漏洞详情: https://github.com/advisories/GHSA-vcc3-rw6f-jv97 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
nokogiri	GHSA-xc9x-jj77-9p9j	中危	1.16.0	~> 1.15.6, >= 1.16.2	Use-after-free in libxml2 via Nokogiri::XML::Reader 漏洞详情: https://github.com/advisories/GHSA-xc9x-jj77-9p9j 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
actionpack	CVE-2024-28103	中危	7.0.8	~> 6.1.7, >= 6.1.7.8, ~> 7.0.8, >= 7.0.8.4, ~> 7.1.3, >= 7.1.3.4, >= 7.2.0.beta2	rubygem-actionpack: Missing security headers in Action Pack on non-HTML responses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28103 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-06-04 20:15 修改: 2024-12-06 14:15
actionpack	CVE-2024-54133	中危	7.0.8	~> 7.0.8.7, ~> 7.1.5.1, ~> 7.2.2.1, >= 8.0.0.1	actionpack: Possible Content Security Policy bypass in Action Dispatch 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-54133 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-12-10 23:15 修改: 2024-12-10 23:15
puma	CVE-2024-21647	中危	6.4.0	~> 5.6.8, >= 6.4.2	rubygem-puma: HTTP request smuggling when parsing chunked Transfer-Encoding Bodies 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21647 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-01-08 14:15 修改: 2024-01-11 17:31
puma	CVE-2024-45614	中危	6.4.0	~> 5.6.9, >= 6.4.3	rubygem-puma: Header normalization allows for client to clobber proxy set headers 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45614 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-09-19 23:15 修改: 2024-09-26 13:28
rack	CVE-2024-25126	中危	2.2.8	~> 2.2.8, >= 2.2.8.1, >= 3.0.9.1	rubygem-rack: Denial of Service Vulnerability in Rack Content-Type Parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-25126 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-02-29 00:15 修改: 2024-06-10 18:15
rack	CVE-2024-26141	中危	2.2.8	~> 2.2.8, >= 2.2.8.1, >= 3.0.9.1	rubygem-rack: Possible DoS Vulnerability with Range Header in Rack 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26141 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-02-29 00:15 修改: 2024-06-10 17:16
rack	CVE-2024-26146	中危	2.2.8	~> 2.0.9, >= 2.0.9.4, ~> 2.1.4, >= 2.1.4.4, ~> 2.2.8, >= 2.2.8.1, >= 3.0.9.1	rubygem-rack: Possible Denial of Service Vulnerability in Rack Header Parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26146 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-02-29 00:15 修改: 2024-06-10 18:15
actiontext	CVE-2024-34341	中危	7.0.8	~> 7.0.8.3, >= 7.1.3.3	Arbitrary Code Execution Vulnerability in Trix Editor included in ActionText 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34341 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-05-07 16:15 修改: 2024-05-07 20:07
rails	CVE-2024-26143	中危	7.0.8	7.0.8.1, 7.1.3.1	rubygem-actionpack: Possible XSS on translation helpers 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26143 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-02-27 16:15 修改: 2024-06-10 17:16
activestorage	CVE-2024-26144	中危	7.0.8	~> 6.1.7, >= 6.1.7.7, >= 7.0.8.1	rubygem-activestorage: Possible Sensitive Session Information Leak in Active Storage 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26144 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-02-27 16:15 修改: 2024-06-10 16:15
rexml	CVE-2024-35176	中危	3.2.5	>= 3.2.7	REXML: DoS parsing an XML with many `<`s in an attribute value 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-35176 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-05-16 16:15 修改: 2024-05-17 18:36
rexml	CVE-2024-39908	中危	3.2.5	>= 3.3.2	rexml: DoS vulnerability in REXML 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-39908 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-07-16 18:15 修改: 2025-01-17 20:15
rexml	CVE-2024-41123	中危	3.2.5	>= 3.3.3	rexml: rubygem-rexml: DoS when parsing an XML having many specific characters such as whitespace character, >] and ]> 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-41123 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-08-01 15:15 修改: 2024-12-27 16:15
rexml	CVE-2024-41946	中危	3.2.5	>= 3.3.3	rexml: DoS vulnerability in REXML 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-41946 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-08-01 15:15 修改: 2025-01-17 20:15
rexml	CVE-2024-43398	中危	3.2.5	>= 3.3.6	rexml: DoS vulnerability in REXML 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-43398 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-08-22 15:15 修改: 2025-01-03 12:15
carrierwave	CVE-2023-49090	中危	1.3.4	~> 2.2.5, >= 3.0.5	CarrierWave is a solution for file uploads for Rails, Sinatra and othe ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-49090 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2023-11-29 15:15 修改: 2023-12-05 16:25
carrierwave	CVE-2024-29034	中危	1.3.4	~> 2.2.6, >= 3.0.7	CarrierWave content-Type allowlist bypass vulnerability which possibly leads to XSS remained 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29034 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-03-24 20:15 修改: 2024-03-25 01:51
rexml	CVE-2024-35176	中危	3.2.6	>= 3.2.7	REXML: DoS parsing an XML with many `<`s in an attribute value 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-35176 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-05-16 16:15 修改: 2024-05-17 18:36
rexml	CVE-2024-35176	中危	3.2.6	>= 3.2.7	REXML: DoS parsing an XML with many `<`s in an attribute value 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-35176 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-05-16 16:15 修改: 2024-05-17 18:36
rexml	CVE-2024-39908	中危	3.2.6	>= 3.3.2	rexml: DoS vulnerability in REXML 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-39908 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-07-16 18:15 修改: 2025-01-17 20:15
rexml	CVE-2024-39908	中危	3.2.6	>= 3.3.2	rexml: DoS vulnerability in REXML 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-39908 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-07-16 18:15 修改: 2025-01-17 20:15
rexml	CVE-2024-41123	中危	3.2.6	>= 3.3.3	rexml: rubygem-rexml: DoS when parsing an XML having many specific characters such as whitespace character, >] and ]> 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-41123 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-08-01 15:15 修改: 2024-12-27 16:15
rexml	CVE-2024-41123	中危	3.2.6	>= 3.3.3	rexml: rubygem-rexml: DoS when parsing an XML having many specific characters such as whitespace character, >] and ]> 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-41123 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-08-01 15:15 修改: 2024-12-27 16:15
rexml	CVE-2024-41946	中危	3.2.6	>= 3.3.3	rexml: DoS vulnerability in REXML 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-41946 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-08-01 15:15 修改: 2025-01-17 20:15
rexml	CVE-2024-41946	中危	3.2.6	>= 3.3.3	rexml: DoS vulnerability in REXML 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-41946 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-08-01 15:15 修改: 2025-01-17 20:15
rexml	CVE-2024-43398	中危	3.2.6	>= 3.3.6	rexml: DoS vulnerability in REXML 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-43398 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-08-22 15:15 修改: 2025-01-03 12:15
rexml	CVE-2024-43398	中危	3.2.6	>= 3.3.6	rexml: DoS vulnerability in REXML 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-43398 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-08-22 15:15 修改: 2025-01-03 12:15
devise-two-factor	CVE-2024-8796	中危	4.1.1	>= 6.0.0	Under the default configuration, Devise-Two-Factor versions >= 2.2.0 & ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-8796 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-09-17 18:15 修改: 2024-09-30 14:10
view_component	CVE-2024-21636	中危	3.8.0	~> 2.83.0, >= 3.9.0	view_component Cross-site Scripting vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21636 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-01-04 20:15 修改: 2024-01-10 15:45
fugit	CVE-2024-43380	中危	1.8.1	>= 1.11.1	fugit: Improper input validation in "natural" parser may lead to DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-43380 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-08-19 15:15 修改: 2024-08-21 12:38
actionpack	CVE-2024-26143	中危	7.0.8	~> 7.0.8, >= 7.0.8.1, >= 7.1.3.1	rubygem-actionpack: Possible XSS on translation helpers 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26143 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-02-27 16:15 修改: 2024-06-10 17:16
actionmailer	CVE-2024-47889	低危	7.0.8	~> 6.1.7.9, ~> 7.0.8.5, ~> 7.1.4, >= 7.1.4.1, >= 7.2.1.1	rubygem-actionmailer: Possible ReDoS vulnerability in block_format in Action Mailer 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47889 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-10-16 21:15 修改: 2024-10-18 12:53
actiontext	CVE-2024-47888	低危	7.0.8	~> 6.1.7.9, ~> 7.0.8.5, ~> 7.1.4, >= 7.1.4.1, >= 7.2.1.1	rubygem-actiontext: Possible ReDoS vulnerability in plain_text_for_blockquote_node in Action Text 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47888 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-10-16 21:15 修改: 2024-10-18 12:53
actionpack	CVE-2024-41128	低危	7.0.8	~> 6.1.7.9, ~> 7.0.8.5, ~> 7.1.4, >= 7.1.4.1, >= 7.2.1.1	rubygem-actionpack: Possible ReDoS vulnerability in query parameter filtering in Action Dispatch 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-41128 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-10-16 18:15 修改: 2024-10-18 12:53
rails-html-sanitizer	CVE-2024-53985	低危	1.6.0	>= 1.6.1	rails-html-sanitizer: Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.0 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-53985 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-12-02 22:15 修改: 2024-12-02 22:15
rails-html-sanitizer	CVE-2024-53986	低危	1.6.0	>= 1.6.1	rails-html-sanitizer: Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.0 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-53986 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-12-02 22:15 修改: 2024-12-02 22:15
rails-html-sanitizer	CVE-2024-53987	低危	1.6.0	>= 1.6.1	rails-html-sanitizer: Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.0 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-53987 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-12-02 22:15 修改: 2024-12-02 22:15
rails-html-sanitizer	CVE-2024-53988	低危	1.6.0	>= 1.6.1	rails-html-sanitizer: Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.0 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-53988 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-12-02 22:15 修改: 2024-12-02 22:15
rails-html-sanitizer	CVE-2024-53989	低危	1.6.0	>= 1.6.1	rails-html-sanitizer: Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.0 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-53989 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-12-02 21:15 修改: 2024-12-02 22:15
nokogiri	GHSA-r95h-9x8f-r3f7	低危	1.16.0	>= 1.16.5	Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459 漏洞详情: https://github.com/advisories/GHSA-r95h-9x8f-r3f7 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
actionpack	CVE-2024-47887	低危	7.0.8	~> 6.1.7.9, ~> 7.0.8.5, ~> 7.1.4, >= 7.1.4.1, >= 7.2.1.1	rubygem-actionpack: Possible ReDoS vulnerability in HTTP Token authentication in Action Controller 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47887 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-10-16 20:15 修改: 2024-10-18 12:53

home/git/gitlab-shell/bin/check (gobinary)

低危漏洞:0

中危漏洞:7

高危漏洞:3

严重漏洞:1

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
stdlib	CVE-2024-24790	严重	1.22.2	1.21.11, 1.22.4	golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-06-05 16:15 修改: 2024-09-03 18:35
golang.org/x/net	CVE-2024-45338	高危	v0.18.0	0.33.0	golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16
stdlib	CVE-2024-24788	高危	1.22.2	1.22.3	golang: net: malformed DNS message can cause infinite loop 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24788 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-05-08 16:15 修改: 2024-06-14 13:15
stdlib	CVE-2024-34156	高危	1.22.2	1.22.7, 1.23.1	encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35
github.com/hashicorp/go-retryablehttp	CVE-2024-6104	中危	v0.7.5	0.7.7	go-retryablehttp: url might write sensitive information to log file 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6104 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-06-24 17:15 修改: 2024-06-26 17:19
golang.org/x/net	CVE-2023-45288	中危	v0.18.0	0.23.0	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
google.golang.org/protobuf	CVE-2024-24786	中危	v1.32.0	1.33.0	golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-03-05 23:15 修改: 2024-11-07 17:35
stdlib	CVE-2024-24789	中危	1.22.2	1.21.11, 1.22.4	golang: archive/zip: Incorrect handling of certain ZIP files 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-06-05 16:15 修改: 2024-07-03 01:48
stdlib	CVE-2024-24791	中危	1.22.2	1.21.12, 1.22.5	net/http: Denial of service due to improper 100-continue handling in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17
stdlib	CVE-2024-34155	中危	1.22.2	1.22.7, 1.23.1	go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-09-06 21:15 修改: 2024-11-04 17:35
stdlib	CVE-2024-34158	中危	1.22.2	1.22.7, 1.23.1	go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35

home/git/gitlab-shell/bin/gitlab-shell (gobinary)

低危漏洞:0

中危漏洞:7

高危漏洞:3

严重漏洞:1

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
stdlib	CVE-2024-24790	严重	1.22.2	1.21.11, 1.22.4	golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-06-05 16:15 修改: 2024-09-03 18:35
golang.org/x/net	CVE-2024-45338	高危	v0.18.0	0.33.0	golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16
stdlib	CVE-2024-24788	高危	1.22.2	1.22.3	golang: net: malformed DNS message can cause infinite loop 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24788 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-05-08 16:15 修改: 2024-06-14 13:15
stdlib	CVE-2024-34156	高危	1.22.2	1.22.7, 1.23.1	encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35
github.com/hashicorp/go-retryablehttp	CVE-2024-6104	中危	v0.7.5	0.7.7	go-retryablehttp: url might write sensitive information to log file 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6104 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-06-24 17:15 修改: 2024-06-26 17:19
golang.org/x/net	CVE-2023-45288	中危	v0.18.0	0.23.0	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
google.golang.org/protobuf	CVE-2024-24786	中危	v1.32.0	1.33.0	golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-03-05 23:15 修改: 2024-11-07 17:35
stdlib	CVE-2024-24789	中危	1.22.2	1.21.11, 1.22.4	golang: archive/zip: Incorrect handling of certain ZIP files 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-06-05 16:15 修改: 2024-07-03 01:48
stdlib	CVE-2024-24791	中危	1.22.2	1.21.12, 1.22.5	net/http: Denial of service due to improper 100-continue handling in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17
stdlib	CVE-2024-34155	中危	1.22.2	1.22.7, 1.23.1	go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-09-06 21:15 修改: 2024-11-04 17:35
stdlib	CVE-2024-34158	中危	1.22.2	1.22.7, 1.23.1	go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35

home/git/gitlab-shell/bin/gitlab-shell-authorized-keys-check (gobinary)

低危漏洞:0

中危漏洞:7

高危漏洞:3

严重漏洞:1

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
stdlib	CVE-2024-24790	严重	1.22.2	1.21.11, 1.22.4	golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-06-05 16:15 修改: 2024-09-03 18:35
golang.org/x/net	CVE-2024-45338	高危	v0.18.0	0.33.0	golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16
stdlib	CVE-2024-24788	高危	1.22.2	1.22.3	golang: net: malformed DNS message can cause infinite loop 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24788 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-05-08 16:15 修改: 2024-06-14 13:15
stdlib	CVE-2024-34156	高危	1.22.2	1.22.7, 1.23.1	encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35
github.com/hashicorp/go-retryablehttp	CVE-2024-6104	中危	v0.7.5	0.7.7	go-retryablehttp: url might write sensitive information to log file 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6104 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-06-24 17:15 修改: 2024-06-26 17:19
golang.org/x/net	CVE-2023-45288	中危	v0.18.0	0.23.0	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
google.golang.org/protobuf	CVE-2024-24786	中危	v1.32.0	1.33.0	golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-03-05 23:15 修改: 2024-11-07 17:35
stdlib	CVE-2024-24789	中危	1.22.2	1.21.11, 1.22.4	golang: archive/zip: Incorrect handling of certain ZIP files 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-06-05 16:15 修改: 2024-07-03 01:48
stdlib	CVE-2024-24791	中危	1.22.2	1.21.12, 1.22.5	net/http: Denial of service due to improper 100-continue handling in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17
stdlib	CVE-2024-34155	中危	1.22.2	1.22.7, 1.23.1	go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-09-06 21:15 修改: 2024-11-04 17:35
stdlib	CVE-2024-34158	中危	1.22.2	1.22.7, 1.23.1	go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35

home/git/gitlab-shell/bin/gitlab-shell-authorized-principals-check (gobinary)

低危漏洞:0

中危漏洞:7

高危漏洞:3

严重漏洞:1

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
stdlib	CVE-2024-24790	严重	1.22.2	1.21.11, 1.22.4	golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-06-05 16:15 修改: 2024-09-03 18:35
golang.org/x/net	CVE-2024-45338	高危	v0.18.0	0.33.0	golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16
stdlib	CVE-2024-24788	高危	1.22.2	1.22.3	golang: net: malformed DNS message can cause infinite loop 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24788 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-05-08 16:15 修改: 2024-06-14 13:15
stdlib	CVE-2024-34156	高危	1.22.2	1.22.7, 1.23.1	encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35
github.com/hashicorp/go-retryablehttp	CVE-2024-6104	中危	v0.7.5	0.7.7	go-retryablehttp: url might write sensitive information to log file 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6104 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-06-24 17:15 修改: 2024-06-26 17:19
golang.org/x/net	CVE-2023-45288	中危	v0.18.0	0.23.0	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
google.golang.org/protobuf	CVE-2024-24786	中危	v1.32.0	1.33.0	golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-03-05 23:15 修改: 2024-11-07 17:35
stdlib	CVE-2024-24789	中危	1.22.2	1.21.11, 1.22.4	golang: archive/zip: Incorrect handling of certain ZIP files 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-06-05 16:15 修改: 2024-07-03 01:48
stdlib	CVE-2024-24791	中危	1.22.2	1.21.12, 1.22.5	net/http: Denial of service due to improper 100-continue handling in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17
stdlib	CVE-2024-34155	中危	1.22.2	1.22.7, 1.23.1	go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-09-06 21:15 修改: 2024-11-04 17:35
stdlib	CVE-2024-34158	中危	1.22.2	1.22.7, 1.23.1	go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35

home/git/gitlab-shell/bin/gitlab-sshd (gobinary)

低危漏洞:0

中危漏洞:7

高危漏洞:3

严重漏洞:2

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
golang.org/x/crypto	CVE-2024-45337	严重	v0.18.0	0.31.0	golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45337 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-12-12 02:02 修改: 2024-12-12 21:15
stdlib	CVE-2024-24790	严重	1.22.2	1.21.11, 1.22.4	golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-06-05 16:15 修改: 2024-09-03 18:35
golang.org/x/net	CVE-2024-45338	高危	v0.18.0	0.33.0	golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16
stdlib	CVE-2024-24788	高危	1.22.2	1.22.3	golang: net: malformed DNS message can cause infinite loop 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24788 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-05-08 16:15 修改: 2024-06-14 13:15
stdlib	CVE-2024-34156	高危	1.22.2	1.22.7, 1.23.1	encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35
github.com/hashicorp/go-retryablehttp	CVE-2024-6104	中危	v0.7.5	0.7.7	go-retryablehttp: url might write sensitive information to log file 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6104 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-06-24 17:15 修改: 2024-06-26 17:19
golang.org/x/net	CVE-2023-45288	中危	v0.18.0	0.23.0	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
google.golang.org/protobuf	CVE-2024-24786	中危	v1.32.0	1.33.0	golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-03-05 23:15 修改: 2024-11-07 17:35
stdlib	CVE-2024-24789	中危	1.22.2	1.21.11, 1.22.4	golang: archive/zip: Incorrect handling of certain ZIP files 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-06-05 16:15 修改: 2024-07-03 01:48
stdlib	CVE-2024-24791	中危	1.22.2	1.21.12, 1.22.5	net/http: Denial of service due to improper 100-continue handling in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17
stdlib	CVE-2024-34155	中危	1.22.2	1.22.7, 1.23.1	go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-09-06 21:15 修改: 2024-11-04 17:35
stdlib	CVE-2024-34158	中危	1.22.2	1.22.7, 1.23.1	go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35

home/git/gitlab/vendor/bundle/ruby/3.2.0/gems/devfile-0.0.25.pre.alpha1-x86_64-linux/bin/devfile (gobinary)

低危漏洞:3

中危漏洞:27

高危漏洞:10

严重漏洞:5

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
github.com/docker/docker	CVE-2024-41110	严重	v20.10.11+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	moby: Authz zero length regression 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-41110 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-07-24 17:15 修改: 2024-07-30 20:15
github.com/go-git/go-git/v5	CVE-2023-49569	严重	v5.4.2	5.11.0	go-git: Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-49569 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-01-12 11:15 修改: 2024-01-22 18:57
github.com/go-git/go-git/v5	CVE-2025-21613	严重	v5.4.2	5.13.0	go-git: argument injection via the URL field 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-21613 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2025-01-06 17:15 修改: 2025-01-06 17:15
golang.org/x/crypto	CVE-2024-45337	严重	v0.0.0-20220315160706-3147a52a75dd	0.31.0	golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45337 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-12-12 02:02 修改: 2024-12-12 21:15
stdlib	CVE-2024-24790	严重	1.21.5	1.21.11, 1.22.4	golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-06-05 16:15 修改: 2024-09-03 18:35
github.com/containerd/containerd	CVE-2022-23648	高危	v1.5.9	1.4.13, 1.5.10, 1.6.1	containerd: insecure handling of image volumes 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23648 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2022-03-03 14:15 修改: 2024-01-31 13:15
github.com/go-git/go-git/v5	CVE-2023-49568	高危	v5.4.2	5.11.0	go-git: Maliciously crafted Git server replies can cause DoS on go-git clients 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-49568 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-01-12 11:15 修改: 2024-01-22 17:57
github.com/go-git/go-git/v5	CVE-2025-21614	高危	v5.4.2	5.13.0	go-git: go-git clients vulnerable to DoS via maliciously crafted Git server replies 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-21614 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2025-01-06 17:15 修改: 2025-01-06 17:15
github.com/docker/docker	CVE-2023-28840	高危	v20.10.11+incompatible	20.10.24, 23.0.3	moby: Encrypted overlay network may be unauthenticated 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-28840 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2023-04-04 22:15 修改: 2023-09-15 21:15
golang.org/x/net	CVE-2023-39325	高危	v0.8.0	0.17.0	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
golang.org/x/net	CVE-2024-45338	高危	v0.8.0	0.33.0	golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16
google.golang.org/grpc	GHSA-m425-mq94-257g	高危	v1.47.0	1.56.3, 1.57.1, 1.58.3	gRPC-Go HTTP/2 Rapid Reset vulnerability 漏洞详情: https://github.com/advisories/GHSA-m425-mq94-257g 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
github.com/docker/distribution	CVE-2023-2253	高危	v2.7.1+incompatible	2.8.2-beta.1	distribution/distribution: DoS from malicious API request 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2253 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2023-06-06 20:15 修改: 2025-01-07 22:15
stdlib	CVE-2023-45288	高危	1.21.5	1.21.9, 1.22.2	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
stdlib	CVE-2024-34156	高危	1.21.5	1.22.7, 1.23.1	encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35
github.com/docker/docker	GHSA-jq35-85cj-fj4p	中危	v20.10.11+incompatible	24.0.7, 23.0.8, 20.10.27	/sys/devices/virtual/powercap accessible by default to containers 漏洞详情: https://github.com/advisories/GHSA-jq35-85cj-fj4p 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
github.com/containerd/containerd	CVE-2023-25173	中危	v1.5.9	1.5.18, 1.6.18	containerd: Supplementary groups are not set up properly 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-25173 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2023-02-16 15:15 修改: 2023-09-15 21:15
github.com/containerd/containerd	GHSA-7ww5-4wqc-m92c	中危	v1.5.9	1.6.26, 1.7.11	containerd allows RAPL to be accessible to a container 漏洞详情: https://github.com/advisories/GHSA-7ww5-4wqc-m92c 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
github.com/containerd/containerd	CVE-2022-23471	中危	v1.5.9	1.5.16, 1.6.12	containerd is an open source container runtime. A bug was found in con ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23471 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2022-12-07 23:15 修改: 2024-01-31 13:15
github.com/containerd/containerd	CVE-2022-31030	中危	v1.5.9	1.5.13, 1.6.6	containerd is an open source container runtime. A bug was found in the ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-31030 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2022-06-09 14:15 修改: 2024-01-31 13:15
github.com/containerd/containerd	CVE-2023-25153	中危	v1.5.9	1.5.18, 1.6.18	containerd: OCI image importer memory exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-25153 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2023-02-16 15:15 修改: 2023-11-07 04:08
golang.org/x/crypto	CVE-2023-48795	中危	v0.0.0-20220315160706-3147a52a75dd	0.17.0	ssh: Prefix truncation attack on Binary Packet Protocol (BPP) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-48795 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2023-12-18 16:15 修改: 2024-12-02 14:54
github.com/docker/docker	CVE-2022-24769	中危	v20.10.11+incompatible	20.10.14	moby: Default inheritable capabilities for linux container should be empty 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-24769 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2022-03-24 20:15 修改: 2024-01-31 13:15
github.com/docker/docker	CVE-2022-36109	中危	v20.10.11+incompatible	20.10.18	moby: supplementary groups mishandling 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-36109 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2022-09-09 18:15 修改: 2025-01-17 13:15
golang.org/x/net	CVE-2023-3978	中危	v0.8.0	0.13.0	golang.org/x/net/html: Cross site scripting 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3978 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2023-08-02 20:15 修改: 2023-11-07 04:20
golang.org/x/net	CVE-2023-44487	中危	v0.8.0	0.17.0	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2023-10-10 14:15 修改: 2024-12-20 17:40
golang.org/x/net	CVE-2023-45288	中危	v0.8.0	0.23.0	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
github.com/docker/docker	CVE-2023-28841	中危	v20.10.11+incompatible	20.10.24, 23.0.3	moby: Encrypted overlay network traffic may be unencrypted 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-28841 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2023-04-04 22:15 修改: 2023-09-15 21:15
google.golang.org/grpc	CVE-2023-44487	中危	v1.47.0	1.58.3, 1.57.1, 1.56.3	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2023-10-10 14:15 修改: 2024-12-20 17:40
google.golang.org/protobuf	CVE-2024-24786	中危	v1.28.1	1.33.0	golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-03-05 23:15 修改: 2024-11-07 17:35
github.com/docker/docker	CVE-2023-28842	中危	v20.10.11+incompatible	20.10.24, 23.0.3	moby: Encrypted overlay network with a single endpoint is unauthenticated 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-28842 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2023-04-04 22:15 修改: 2023-09-15 21:15
github.com/docker/docker	CVE-2024-24557	中危	v20.10.11+incompatible	24.0.9, 25.0.2	moby: classic builder cache poisoning 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24557 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-02-01 17:15 修改: 2024-02-09 20:21
github.com/docker/docker	CVE-2024-29018	中危	v20.10.11+incompatible	26.0.0-rc3, 25.0.5, 23.0.11	moby: external DNS requests from 'internal' networks could lead to data exfiltration 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29018 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-03-20 21:15 修改: 2024-03-21 12:58
stdlib	CVE-2023-45289	中危	1.21.5	1.21.8, 1.22.1	golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-03-05 23:15 修改: 2024-11-04 19:35
stdlib	CVE-2023-45290	中危	1.21.5	1.21.8, 1.22.1	golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-03-05 23:15 修改: 2024-11-07 11:35
stdlib	CVE-2024-24783	中危	1.21.5	1.21.8, 1.22.1	golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-03-05 23:15 修改: 2024-11-05 17:35
stdlib	CVE-2024-24784	中危	1.21.5	1.21.8, 1.22.1	golang: net/mail: comments in display names are incorrectly handled 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-03-05 23:15 修改: 2024-08-05 21:35
stdlib	CVE-2024-24785	中危	1.21.5	1.21.8, 1.22.1	golang: html/template: errors returned from MarshalJSON methods may break template escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-03-05 23:15 修改: 2024-05-01 17:15
stdlib	CVE-2024-24789	中危	1.21.5	1.21.11, 1.22.4	golang: archive/zip: Incorrect handling of certain ZIP files 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-06-05 16:15 修改: 2024-07-03 01:48
stdlib	CVE-2024-24791	中危	1.21.5	1.21.12, 1.22.5	net/http: Denial of service due to improper 100-continue handling in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17
stdlib	CVE-2024-34155	中危	1.21.5	1.22.7, 1.23.1	go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-09-06 21:15 修改: 2024-11-04 17:35
stdlib	CVE-2024-34158	中危	1.21.5	1.22.7, 1.23.1	go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35
github.com/docker/docker	GHSA-vp35-85q5-9f25	低危	v20.10.11+incompatible	20.10.20	Container build can leak any path on the host into the container 漏洞详情: https://github.com/advisories/GHSA-vp35-85q5-9f25 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
github.com/docker/distribution	GHSA-qq97-vm5h-rrhg	低危	v2.7.1+incompatible	2.8.0	OCI Manifest Type Confusion Issue 漏洞详情: https://github.com/advisories/GHSA-qq97-vm5h-rrhg 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
github.com/containerd/containerd	GHSA-c9cp-9c75-9v8c	低危	v1.5.9	1.5.11, 1.6.2	containerd started with non-empty inheritable Linux process capabilities 漏洞详情: https://github.com/advisories/GHSA-c9cp-9c75-9v8c 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

home/git/gitlab/vendor/bundle/ruby/3.2.0/gems/gitlab-glfm-markdown-0.0.12-x86_64-linux/Cargo.lock (cargo)

低危漏洞:0

中危漏洞:1

高危漏洞:1

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
shlex	GHSA-r7qv-8r2h-pg27	高危	1.2.0	1.3.0	Multiple issues involving quote API in shlex 漏洞详情: https://github.com/advisories/GHSA-r7qv-8r2h-pg27 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
anstream	GHSA-2rxc-gjrp-vjhx	中危	0.6.5	0.6.8	Unsoundness in anstream 漏洞详情: https://github.com/advisories/GHSA-2rxc-gjrp-vjhx 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

软件包

漏洞

安全状态

安装版本

修复版本

漏洞信息

shlex

GHSA-r7qv-8r2h-pg27

高危

1.2.0

1.3.0

Multiple issues involving quote API in shlex

漏洞详情: https://github.com/advisories/GHSA-r7qv-8r2h-pg27

镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

anstream

GHSA-2rxc-gjrp-vjhx

中危

0.6.5

0.6.8

Unsoundness in anstream

漏洞详情: https://github.com/advisories/GHSA-2rxc-gjrp-vjhx

镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

home/git/gitlab/vendor/bundle/ruby/3.2.0/gems/prometheus-client-mmap-1.1.1-x86_64-linux/ext/fast_mmaped_file_rs/Cargo.lock (cargo)

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

usr/local/bin/gitaly (gobinary)

低危漏洞:1

中危漏洞:5

高危漏洞:4

严重漏洞:3

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
github.com/go-git/go-git/v5	CVE-2025-21613	严重	v5.11.0	5.13.0	go-git: argument injection via the URL field 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-21613 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2025-01-06 17:15 修改: 2025-01-06 17:15
golang.org/x/crypto	CVE-2024-45337	严重	v0.22.0	0.31.0	golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45337 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-12-12 02:02 修改: 2024-12-12 21:15
stdlib	CVE-2024-24790	严重	1.22.2	1.21.11, 1.22.4	golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-06-05 16:15 修改: 2024-09-03 18:35
golang.org/x/net	CVE-2024-45338	高危	v0.24.0	0.33.0	golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16
github.com/go-git/go-git/v5	CVE-2025-21614	高危	v5.11.0	5.13.0	go-git: go-git clients vulnerable to DoS via maliciously crafted Git server replies 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-21614 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2025-01-06 17:15 修改: 2025-01-06 17:15
stdlib	CVE-2024-24788	高危	1.22.2	1.22.3	golang: net: malformed DNS message can cause infinite loop 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24788 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-05-08 16:15 修改: 2024-06-14 13:15
stdlib	CVE-2024-34156	高危	1.22.2	1.22.7, 1.23.1	encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35
github.com/Azure/azure-sdk-for-go/sdk/azidentity	CVE-2024-35255	中危	v1.3.0	1.6.0	azure-identity: Azure Identity Libraries Elevation of Privilege Vulnerability in github.com/Azure/azure-sdk-for-go/sdk/azidentity 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-35255 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-06-11 17:16 修改: 2024-06-20 16:31
stdlib	CVE-2024-24789	中危	1.22.2	1.21.11, 1.22.4	golang: archive/zip: Incorrect handling of certain ZIP files 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-06-05 16:15 修改: 2024-07-03 01:48
stdlib	CVE-2024-24791	中危	1.22.2	1.21.12, 1.22.5	net/http: Denial of service due to improper 100-continue handling in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17
stdlib	CVE-2024-34155	中危	1.22.2	1.22.7, 1.23.1	go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-09-06 21:15 修改: 2024-11-04 17:35
stdlib	CVE-2024-34158	中危	1.22.2	1.22.7, 1.23.1	go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35
github.com/golang-jwt/jwt/v4	CVE-2024-51744	低危	v4.5.0	4.5.1	golang-jwt: Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations in golang-jwt 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-51744 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-11-04 22:15 修改: 2024-11-05 16:04

usr/local/bin/gitaly-backup (gobinary)

低危漏洞:1

中危漏洞:5

高危漏洞:3

严重漏洞:2

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
golang.org/x/crypto	CVE-2024-45337	严重	v0.22.0	0.31.0	golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45337 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-12-12 02:02 修改: 2024-12-12 21:15
stdlib	CVE-2024-24790	严重	1.22.2	1.21.11, 1.22.4	golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-06-05 16:15 修改: 2024-09-03 18:35
golang.org/x/net	CVE-2024-45338	高危	v0.24.0	0.33.0	golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16
stdlib	CVE-2024-24788	高危	1.22.2	1.22.3	golang: net: malformed DNS message can cause infinite loop 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24788 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-05-08 16:15 修改: 2024-06-14 13:15
stdlib	CVE-2024-34156	高危	1.22.2	1.22.7, 1.23.1	encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35
github.com/Azure/azure-sdk-for-go/sdk/azidentity	CVE-2024-35255	中危	v1.3.0	1.6.0	azure-identity: Azure Identity Libraries Elevation of Privilege Vulnerability in github.com/Azure/azure-sdk-for-go/sdk/azidentity 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-35255 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-06-11 17:16 修改: 2024-06-20 16:31
stdlib	CVE-2024-24789	中危	1.22.2	1.21.11, 1.22.4	golang: archive/zip: Incorrect handling of certain ZIP files 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-06-05 16:15 修改: 2024-07-03 01:48
stdlib	CVE-2024-24791	中危	1.22.2	1.21.12, 1.22.5	net/http: Denial of service due to improper 100-continue handling in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17
stdlib	CVE-2024-34155	中危	1.22.2	1.22.7, 1.23.1	go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-09-06 21:15 修改: 2024-11-04 17:35
stdlib	CVE-2024-34158	中危	1.22.2	1.22.7, 1.23.1	go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35
github.com/golang-jwt/jwt/v4	CVE-2024-51744	低危	v4.5.0	4.5.1	golang-jwt: Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations in golang-jwt 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-51744 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-11-04 22:15 修改: 2024-11-05 16:04

usr/local/bin/gitaly-blackbox (gobinary)

低危漏洞:0

中危漏洞:4

高危漏洞:3

严重漏洞:1

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
stdlib	CVE-2024-24790	严重	1.22.2	1.21.11, 1.22.4	golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-06-05 16:15 修改: 2024-09-03 18:35
golang.org/x/net	CVE-2024-45338	高危	v0.24.0	0.33.0	golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16
stdlib	CVE-2024-24788	高危	1.22.2	1.22.3	golang: net: malformed DNS message can cause infinite loop 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24788 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-05-08 16:15 修改: 2024-06-14 13:15
stdlib	CVE-2024-34156	高危	1.22.2	1.22.7, 1.23.1	encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35
stdlib	CVE-2024-24789	中危	1.22.2	1.21.11, 1.22.4	golang: archive/zip: Incorrect handling of certain ZIP files 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-06-05 16:15 修改: 2024-07-03 01:48
stdlib	CVE-2024-24791	中危	1.22.2	1.21.12, 1.22.5	net/http: Denial of service due to improper 100-continue handling in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17
stdlib	CVE-2024-34155	中危	1.22.2	1.22.7, 1.23.1	go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-09-06 21:15 修改: 2024-11-04 17:35
stdlib	CVE-2024-34158	中危	1.22.2	1.22.7, 1.23.1	go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35

usr/local/bin/gitaly-debug (gobinary)

低危漏洞:0

中危漏洞:4

高危漏洞:3

严重漏洞:1

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
stdlib	CVE-2024-24790	严重	1.22.2	1.21.11, 1.22.4	golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-06-05 16:15 修改: 2024-09-03 18:35
golang.org/x/net	CVE-2024-45338	高危	v0.24.0	0.33.0	golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16
stdlib	CVE-2024-24788	高危	1.22.2	1.22.3	golang: net: malformed DNS message can cause infinite loop 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24788 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-05-08 16:15 修改: 2024-06-14 13:15
stdlib	CVE-2024-34156	高危	1.22.2	1.22.7, 1.23.1	encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35
stdlib	CVE-2024-24789	中危	1.22.2	1.21.11, 1.22.4	golang: archive/zip: Incorrect handling of certain ZIP files 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-06-05 16:15 修改: 2024-07-03 01:48
stdlib	CVE-2024-24791	中危	1.22.2	1.21.12, 1.22.5	net/http: Denial of service due to improper 100-continue handling in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17
stdlib	CVE-2024-34155	中危	1.22.2	1.22.7, 1.23.1	go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-09-06 21:15 修改: 2024-11-04 17:35
stdlib	CVE-2024-34158	中危	1.22.2	1.22.7, 1.23.1	go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35

usr/local/bin/gitaly-wrapper (gobinary)

低危漏洞:0

中危漏洞:4

高危漏洞:3

严重漏洞:1

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
stdlib	CVE-2024-24790	严重	1.22.2	1.21.11, 1.22.4	golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-06-05 16:15 修改: 2024-09-03 18:35
golang.org/x/net	CVE-2024-45338	高危	v0.24.0	0.33.0	golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16
stdlib	CVE-2024-24788	高危	1.22.2	1.22.3	golang: net: malformed DNS message can cause infinite loop 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24788 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-05-08 16:15 修改: 2024-06-14 13:15
stdlib	CVE-2024-34156	高危	1.22.2	1.22.7, 1.23.1	encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35
stdlib	CVE-2024-24789	中危	1.22.2	1.21.11, 1.22.4	golang: archive/zip: Incorrect handling of certain ZIP files 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-06-05 16:15 修改: 2024-07-03 01:48
stdlib	CVE-2024-24791	中危	1.22.2	1.21.12, 1.22.5	net/http: Denial of service due to improper 100-continue handling in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17
stdlib	CVE-2024-34155	中危	1.22.2	1.22.7, 1.23.1	go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-09-06 21:15 修改: 2024-11-04 17:35
stdlib	CVE-2024-34158	中危	1.22.2	1.22.7, 1.23.1	go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35

usr/local/bin/gitlab-pages (gobinary)

低危漏洞:0

中危漏洞:6

高危漏洞:3

严重漏洞:2

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
golang.org/x/crypto	CVE-2024-45337	严重	v0.18.0	0.31.0	golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45337 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-12-12 02:02 修改: 2024-12-12 21:15
stdlib	CVE-2024-24790	严重	1.22.2	1.21.11, 1.22.4	golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-06-05 16:15 修改: 2024-09-03 18:35
golang.org/x/net	CVE-2024-45338	高危	v0.20.0	0.33.0	golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16
stdlib	CVE-2024-24788	高危	1.22.2	1.22.3	golang: net: malformed DNS message can cause infinite loop 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24788 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-05-08 16:15 修改: 2024-06-14 13:15
stdlib	CVE-2024-34156	高危	1.22.2	1.22.7, 1.23.1	encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35
google.golang.org/protobuf	CVE-2024-24786	中危	v1.31.0	1.33.0	golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-03-05 23:15 修改: 2024-11-07 17:35
golang.org/x/net	CVE-2023-45288	中危	v0.20.0	0.23.0	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
stdlib	CVE-2024-24789	中危	1.22.2	1.21.11, 1.22.4	golang: archive/zip: Incorrect handling of certain ZIP files 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-06-05 16:15 修改: 2024-07-03 01:48
stdlib	CVE-2024-24791	中危	1.22.2	1.21.12, 1.22.5	net/http: Denial of service due to improper 100-continue handling in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17
stdlib	CVE-2024-34155	中危	1.22.2	1.22.7, 1.23.1	go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-09-06 21:15 修改: 2024-11-04 17:35
stdlib	CVE-2024-34158	中危	1.22.2	1.22.7, 1.23.1	go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35

usr/local/bin/gitlab-resize-image (gobinary)

低危漏洞:1

中危漏洞:4

高危漏洞:3

严重漏洞:1

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
stdlib	CVE-2024-24790	严重	1.22.2	1.21.11, 1.22.4	golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-06-05 16:15 修改: 2024-09-03 18:35
golang.org/x/image	CVE-2024-24792	高危	v0.14.0	0.18.0	Parsing a corrupt or malicious image with invalid color indices can ca ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24792 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-06-27 18:15 修改: 2024-08-01 13:47
stdlib	CVE-2024-24788	高危	1.22.2	1.22.3	golang: net: malformed DNS message can cause infinite loop 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24788 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-05-08 16:15 修改: 2024-06-14 13:15
stdlib	CVE-2024-34156	高危	1.22.2	1.22.7, 1.23.1	encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35
stdlib	CVE-2024-24789	中危	1.22.2	1.21.11, 1.22.4	golang: archive/zip: Incorrect handling of certain ZIP files 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-06-05 16:15 修改: 2024-07-03 01:48
stdlib	CVE-2024-24791	中危	1.22.2	1.21.12, 1.22.5	net/http: Denial of service due to improper 100-continue handling in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17
stdlib	CVE-2024-34155	中危	1.22.2	1.22.7, 1.23.1	go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-09-06 21:15 修改: 2024-11-04 17:35
stdlib	CVE-2024-34158	中危	1.22.2	1.22.7, 1.23.1	go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35
github.com/disintegration/imaging	CVE-2023-36308	低危	v1.6.2		disintegration Imaging 1.6.2 allows attackers to cause a panic (becaus ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-36308 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2023-09-05 04:15 修改: 2024-08-02 17:16

usr/local/bin/gitlab-workhorse (gobinary)

低危漏洞:0

中危漏洞:7

高危漏洞:4

严重漏洞:2

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
golang.org/x/crypto	CVE-2024-45337	严重	v0.18.0	0.31.0	golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45337 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-12-12 02:02 修改: 2024-12-12 21:15
stdlib	CVE-2024-24790	严重	1.22.2	1.21.11, 1.22.4	golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-06-05 16:15 修改: 2024-09-03 18:35
golang.org/x/net	CVE-2024-45338	高危	v0.20.0	0.33.0	golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16
golang.org/x/image	CVE-2024-24792	高危	v0.14.0	0.18.0	Parsing a corrupt or malicious image with invalid color indices can ca ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24792 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-06-27 18:15 修改: 2024-08-01 13:47
stdlib	CVE-2024-24788	高危	1.22.2	1.22.3	golang: net: malformed DNS message can cause infinite loop 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24788 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-05-08 16:15 修改: 2024-06-14 13:15
stdlib	CVE-2024-34156	高危	1.22.2	1.22.7, 1.23.1	encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35
github.com/Azure/azure-sdk-for-go/sdk/azidentity	CVE-2024-35255	中危	v1.4.0	1.6.0	azure-identity: Azure Identity Libraries Elevation of Privilege Vulnerability in github.com/Azure/azure-sdk-for-go/sdk/azidentity 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-35255 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-06-11 17:16 修改: 2024-06-20 16:31
golang.org/x/net	CVE-2023-45288	中危	v0.20.0	0.23.0	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
google.golang.org/protobuf	CVE-2024-24786	中危	v1.32.0	1.33.0	golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-03-05 23:15 修改: 2024-11-07 17:35
stdlib	CVE-2024-24789	中危	1.22.2	1.21.11, 1.22.4	golang: archive/zip: Incorrect handling of certain ZIP files 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-06-05 16:15 修改: 2024-07-03 01:48
stdlib	CVE-2024-24791	中危	1.22.2	1.21.12, 1.22.5	net/http: Denial of service due to improper 100-continue handling in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17
stdlib	CVE-2024-34155	中危	1.22.2	1.22.7, 1.23.1	go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-09-06 21:15 修改: 2024-11-04 17:35
stdlib	CVE-2024-34158	中危	1.22.2	1.22.7, 1.23.1	go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35

usr/local/bin/gitlab-zip-cat (gobinary)

低危漏洞:0

中危漏洞:4

高危漏洞:2

严重漏洞:1

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
stdlib	CVE-2024-24790	严重	1.22.2	1.21.11, 1.22.4	golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-06-05 16:15 修改: 2024-09-03 18:35
stdlib	CVE-2024-24788	高危	1.22.2	1.22.3	golang: net: malformed DNS message can cause infinite loop 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24788 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-05-08 16:15 修改: 2024-06-14 13:15
stdlib	CVE-2024-34156	高危	1.22.2	1.22.7, 1.23.1	encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35
stdlib	CVE-2024-24789	中危	1.22.2	1.21.11, 1.22.4	golang: archive/zip: Incorrect handling of certain ZIP files 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-06-05 16:15 修改: 2024-07-03 01:48
stdlib	CVE-2024-24791	中危	1.22.2	1.21.12, 1.22.5	net/http: Denial of service due to improper 100-continue handling in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17
stdlib	CVE-2024-34155	中危	1.22.2	1.22.7, 1.23.1	go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-09-06 21:15 修改: 2024-11-04 17:35
stdlib	CVE-2024-34158	中危	1.22.2	1.22.7, 1.23.1	go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35

usr/local/bin/gitlab-zip-metadata (gobinary)

低危漏洞:0

中危漏洞:7

高危漏洞:3

严重漏洞:2

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
golang.org/x/crypto	CVE-2024-45337	严重	v0.18.0	0.31.0	golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45337 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-12-12 02:02 修改: 2024-12-12 21:15
stdlib	CVE-2024-24790	严重	1.22.2	1.21.11, 1.22.4	golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-06-05 16:15 修改: 2024-09-03 18:35
golang.org/x/net	CVE-2024-45338	高危	v0.20.0	0.33.0	golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16
stdlib	CVE-2024-24788	高危	1.22.2	1.22.3	golang: net: malformed DNS message can cause infinite loop 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24788 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-05-08 16:15 修改: 2024-06-14 13:15
stdlib	CVE-2024-34156	高危	1.22.2	1.22.7, 1.23.1	encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35
github.com/Azure/azure-sdk-for-go/sdk/azidentity	CVE-2024-35255	中危	v1.4.0	1.6.0	azure-identity: Azure Identity Libraries Elevation of Privilege Vulnerability in github.com/Azure/azure-sdk-for-go/sdk/azidentity 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-35255 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-06-11 17:16 修改: 2024-06-20 16:31
golang.org/x/net	CVE-2023-45288	中危	v0.20.0	0.23.0	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
google.golang.org/protobuf	CVE-2024-24786	中危	v1.32.0	1.33.0	golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-03-05 23:15 修改: 2024-11-07 17:35
stdlib	CVE-2024-24789	中危	1.22.2	1.21.11, 1.22.4	golang: archive/zip: Incorrect handling of certain ZIP files 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-06-05 16:15 修改: 2024-07-03 01:48
stdlib	CVE-2024-24791	中危	1.22.2	1.21.12, 1.22.5	net/http: Denial of service due to improper 100-continue handling in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17
stdlib	CVE-2024-34155	中危	1.22.2	1.22.7, 1.23.1	go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-09-06 21:15 修改: 2024-11-04 17:35
stdlib	CVE-2024-34158	中危	1.22.2	1.22.7, 1.23.1	go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35

usr/local/bin/praefect (gobinary)

低危漏洞:1

中危漏洞:5

高危漏洞:4

严重漏洞:3

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
github.com/go-git/go-git/v5	CVE-2025-21613	严重	v5.11.0	5.13.0	go-git: argument injection via the URL field 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-21613 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2025-01-06 17:15 修改: 2025-01-06 17:15
golang.org/x/crypto	CVE-2024-45337	严重	v0.22.0	0.31.0	golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45337 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-12-12 02:02 修改: 2024-12-12 21:15
stdlib	CVE-2024-24790	严重	1.22.2	1.21.11, 1.22.4	golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-06-05 16:15 修改: 2024-09-03 18:35
golang.org/x/net	CVE-2024-45338	高危	v0.24.0	0.33.0	golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16
github.com/go-git/go-git/v5	CVE-2025-21614	高危	v5.11.0	5.13.0	go-git: go-git clients vulnerable to DoS via maliciously crafted Git server replies 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-21614 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2025-01-06 17:15 修改: 2025-01-06 17:15
stdlib	CVE-2024-24788	高危	1.22.2	1.22.3	golang: net: malformed DNS message can cause infinite loop 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24788 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-05-08 16:15 修改: 2024-06-14 13:15
stdlib	CVE-2024-34156	高危	1.22.2	1.22.7, 1.23.1	encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35
github.com/Azure/azure-sdk-for-go/sdk/azidentity	CVE-2024-35255	中危	v1.3.0	1.6.0	azure-identity: Azure Identity Libraries Elevation of Privilege Vulnerability in github.com/Azure/azure-sdk-for-go/sdk/azidentity 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-35255 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-06-11 17:16 修改: 2024-06-20 16:31
stdlib	CVE-2024-24789	中危	1.22.2	1.21.11, 1.22.4	golang: archive/zip: Incorrect handling of certain ZIP files 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-06-05 16:15 修改: 2024-07-03 01:48
stdlib	CVE-2024-24791	中危	1.22.2	1.21.12, 1.22.5	net/http: Denial of service due to improper 100-continue handling in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17
stdlib	CVE-2024-34155	中危	1.22.2	1.22.7, 1.23.1	go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-09-06 21:15 修改: 2024-11-04 17:35
stdlib	CVE-2024-34158	中危	1.22.2	1.22.7, 1.23.1	go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35
github.com/golang-jwt/jwt/v4	CVE-2024-51744	低危	v4.5.0	4.5.1	golang-jwt: Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations in golang-jwt 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-51744 镜像层: sha256:5e3a6c113046c7de4fc8a293052c4e1506aa2ffe2d47431e366d324550ab829a 发布日期: 2024-11-04 22:15 修改: 2024-11-05 16:04

/etc/ssl/private/ssl-cert-snakeoil.key ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/app/models/integrations/prometheus.rb ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/spec/frontend/issuable/issuable_form_spec.js ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/spec/frontend/diffs/store/actions_spec.js ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/spec/lib/gitlab/auth/ldap/config_spec.rb ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/spec/lib/gitlab/middleware/handle_malformed_strings_spec.rb ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/config/gitleaks.toml ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/spec/features/profiles/user_edit_profile_spec.rb ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/spec/features/projects/integrations/user_activates_slack_notifications_spec.rb ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/spec/fixtures/clusters/sample_key.key ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/spec/fixtures/service_account.json ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/spec/lib/json_web_token/rsa_token_spec.rb ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/spec/fixtures/auth_key.p8 ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/spec/fixtures/ssl_key.pem ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/spec/frontend/notes/components/noteable_note_spec.js ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/etc/ssh/ssh_host_ed25519_key ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/app/models/integrations/diffblue_cover.rb ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/spec/frontend/lib/utils/secret_detection_spec.js ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/spec/support/helpers/gpg_helpers.rb ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/etc/ssh/ssh_host_ecdsa_key ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/config/secrets.yml ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/spec/fixtures/x509_certificate_pk.key ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/etc/ssh/ssh_host_rsa_key ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/gems/gitlab-secret_detection/spec/lib/gitlab/secret_detection/scan_spec.rb ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/qa/tls_certificates/client/client.key ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/spec/models/integrations/prometheus_spec.rb ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/spec/frontend/notes/components/comment_form_spec.js ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/spec/models/integrations/diffblue_cover_spec.rb ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/spec/factories/pages_domains.rb ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/lib/api/helpers/integrations_helpers.rb ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/qa/tls_certificates/authority/ca.key ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/qa/tls_certificates/authority/ca.pem ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/qa/tls_certificates/client/client.pem ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/spec/factories/integrations.rb ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

docker.io/sameersbn/gitlab:16.9.6 linux/amd64

全部漏洞信息

docker.io/sameersbn/gitlab:16.9.6 (ubuntu 20.04) (ubuntu)

Java (jar)

Node.js (node-pkg)

Ruby (gemspec)

home/git/gitlab-shell/bin/check (gobinary)

home/git/gitlab-shell/bin/gitlab-shell (gobinary)

home/git/gitlab-shell/bin/gitlab-shell-authorized-keys-check (gobinary)

home/git/gitlab-shell/bin/gitlab-shell-authorized-principals-check (gobinary)

home/git/gitlab-shell/bin/gitlab-sshd (gobinary)

home/git/gitlab/vendor/bundle/ruby/3.2.0/gems/devfile-0.0.25.pre.alpha1-x86_64-linux/bin/devfile (gobinary)

home/git/gitlab/vendor/bundle/ruby/3.2.0/gems/gitlab-glfm-markdown-0.0.12-x86_64-linux/Cargo.lock (cargo)

home/git/gitlab/vendor/bundle/ruby/3.2.0/gems/prometheus-client-mmap-1.1.1-x86_64-linux/ext/fast_mmaped_file_rs/Cargo.lock (cargo)

usr/local/bin/gitaly (gobinary)

usr/local/bin/gitaly-backup (gobinary)

usr/local/bin/gitaly-blackbox (gobinary)

usr/local/bin/gitaly-debug (gobinary)

usr/local/bin/gitaly-wrapper (gobinary)

usr/local/bin/gitlab-pages (gobinary)

usr/local/bin/gitlab-resize-image (gobinary)

usr/local/bin/gitlab-workhorse (gobinary)

usr/local/bin/gitlab-zip-cat (gobinary)

usr/local/bin/gitlab-zip-metadata (gobinary)

usr/local/bin/praefect (gobinary)

/etc/ssl/private/ssl-cert-snakeoil.key ()

/home/git/gitlab/app/models/integrations/prometheus.rb ()

/home/git/gitlab/spec/frontend/issuable/issuable_form_spec.js ()

/home/git/gitlab/spec/frontend/diffs/store/actions_spec.js ()

/home/git/gitlab/spec/lib/gitlab/auth/ldap/config_spec.rb ()

/home/git/gitlab/spec/lib/gitlab/middleware/handle_malformed_strings_spec.rb ()

/home/git/gitlab/config/gitleaks.toml ()

/home/git/gitlab/spec/features/profiles/user_edit_profile_spec.rb ()

/home/git/gitlab/spec/features/projects/integrations/user_activates_slack_notifications_spec.rb ()

/home/git/gitlab/spec/fixtures/clusters/sample_key.key ()

/home/git/gitlab/spec/fixtures/service_account.json ()

/home/git/gitlab/spec/lib/json_web_token/rsa_token_spec.rb ()

/home/git/gitlab/spec/fixtures/auth_key.p8 ()

/home/git/gitlab/spec/fixtures/ssl_key.pem ()

/home/git/gitlab/spec/frontend/notes/components/noteable_note_spec.js ()

/etc/ssh/ssh_host_ed25519_key ()

/home/git/gitlab/app/models/integrations/diffblue_cover.rb ()

/home/git/gitlab/spec/frontend/lib/utils/secret_detection_spec.js ()

/home/git/gitlab/spec/support/helpers/gpg_helpers.rb ()

/etc/ssh/ssh_host_ecdsa_key ()

/home/git/gitlab/config/secrets.yml ()

/home/git/gitlab/spec/fixtures/x509_certificate_pk.key ()

/etc/ssh/ssh_host_rsa_key ()

/home/git/gitlab/gems/gitlab-secret_detection/spec/lib/gitlab/secret_detection/scan_spec.rb ()

/home/git/gitlab/qa/tls_certificates/client/client.key ()

/home/git/gitlab/spec/models/integrations/prometheus_spec.rb ()

/home/git/gitlab/spec/frontend/notes/components/comment_form_spec.js ()

/home/git/gitlab/spec/models/integrations/diffblue_cover_spec.rb ()

/home/git/gitlab/spec/factories/pages_domains.rb ()

/home/git/gitlab/lib/api/helpers/integrations_helpers.rb ()

/home/git/gitlab/qa/tls_certificates/authority/ca.key ()

/home/git/gitlab/qa/tls_certificates/authority/ca.pem ()

/home/git/gitlab/qa/tls_certificates/client/client.pem ()

/home/git/gitlab/spec/factories/integrations.rb ()