docker.io/whyour/qinglong:2.10.13 linux/amd64

docker.io/whyour/qinglong:2.10.13 - Trivy安全扫描结果 扫描时间: 2024-11-14 15:53
全部漏洞信息
低危漏洞:5 中危漏洞:23 高危漏洞:58 严重漏洞:20

系统OS: alpine 3.12.9 扫描引擎: Trivy 扫描时间: 2024-11-14 15:53

docker.io/whyour/qinglong:2.10.13 (alpine 3.12.9) (alpine)
低危漏洞:0 中危漏洞:5 高危漏洞:21 严重漏洞:8
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
expat CVE-2022-22822 严重 2.2.9-r1 2.2.10-r0 expat: Integer overflow in addBinding in xmlparse.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-22822

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2022-01-10 14:12 修改: 2022-10-06 15:29
expat CVE-2022-22823 严重 2.2.9-r1 2.2.10-r0 expat: Integer overflow in build_model in xmlparse.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-22823

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2022-01-10 14:12 修改: 2022-10-06 14:47
expat CVE-2022-22824 严重 2.2.9-r1 2.2.10-r0 expat: Integer overflow in defineAttribute in xmlparse.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-22824

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2022-01-10 14:12 修改: 2022-10-06 14:47
expat CVE-2022-23852 严重 2.2.9-r1 2.2.10-r1 expat: Integer overflow in function XML_GetBuffer

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23852

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2022-01-24 02:15 修改: 2022-10-29 02:44
expat CVE-2022-25235 严重 2.2.9-r1 2.2.10-r2 expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25235

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2022-02-16 01:15 修改: 2023-11-07 03:44
expat CVE-2022-25236 严重 2.2.9-r1 2.2.10-r2 expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25236

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2022-02-16 01:15 修改: 2023-11-07 03:44
expat CVE-2022-25315 严重 2.2.9-r1 2.2.10-r2 expat: Integer overflow in storeRawNames()

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25315

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2022-02-18 05:15 修改: 2023-11-07 03:44
zlib CVE-2022-37434 严重 1.2.11-r3 1.2.12-r2 zlib: heap-based buffer over-read and overflow in inflate() in inflate.c via a large gzip header extra field

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-37434

镜像层: sha256:eb4bde6b29a6746e0779f80a09ca6f0806de61475059f7d56d6e20f6cc2e15f7

发布日期: 2022-08-05 07:15 修改: 2023-07-19 00:56
curl CVE-2022-27775 高危 7.79.1-r0 7.79.1-r1 curl: bad local IPv6 connection reuse

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27775

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2022-06-02 14:15 修改: 2024-03-27 15:02
busybox CVE-2022-28391 高危 1.31.1-r21 1.31.1-r22 busybox: remote attackers may execute arbitrary code if netstat is used

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-28391

镜像层: sha256:eb4bde6b29a6746e0779f80a09ca6f0806de61475059f7d56d6e20f6cc2e15f7

发布日期: 2022-04-03 21:15 修改: 2022-08-11 18:44
expat CVE-2021-45960 高危 2.2.9-r1 2.2.10-r0 expat: Large number of prefixed XML attributes on a single tag can crash libexpat

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-45960

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2022-01-01 19:15 修改: 2022-10-06 19:08
expat CVE-2021-46143 高危 2.2.9-r1 2.2.10-r0 expat: Integer overflow in doProlog in xmlparse.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-46143

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2022-01-06 04:15 修改: 2022-10-06 19:11
expat CVE-2022-22825 高危 2.2.9-r1 2.2.10-r0 expat: Integer overflow in lookup in xmlparse.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-22825

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2022-01-10 14:12 修改: 2022-10-06 14:47
expat CVE-2022-22826 高危 2.2.9-r1 2.2.10-r0 expat: Integer overflow in nextScaffoldPart in xmlparse.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-22826

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2022-01-10 14:12 修改: 2022-10-06 12:44
expat CVE-2022-22827 高危 2.2.9-r1 2.2.10-r0 expat: Integer overflow in storeAtts in xmlparse.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-22827

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2022-01-10 14:12 修改: 2022-10-06 12:52
expat CVE-2022-23990 高危 2.2.9-r1 2.2.10-r1 expat: integer overflow in the doProlog function

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23990

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2022-01-26 19:15 修改: 2023-11-07 03:44
expat CVE-2022-25314 高危 2.2.9-r1 2.2.10-r2 expat: Integer overflow in copyString()

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25314

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2022-02-18 05:15 修改: 2023-11-07 03:44
git CVE-2021-40330 高危 2.26.3-r0 2.26.3-r1 git: unexpected cross-protocol requests via a repository path containing a newline character

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-40330

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2021-08-31 04:15 修改: 2022-11-07 18:37
git-perl CVE-2021-40330 高危 2.26.3-r0 2.26.3-r1 git: unexpected cross-protocol requests via a repository path containing a newline character

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-40330

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2021-08-31 04:15 修改: 2022-11-07 18:37
libcrypto1.1 CVE-2022-0778 高危 1.1.1l-r0 1.1.1n-r0 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-0778

镜像层: sha256:eb4bde6b29a6746e0779f80a09ca6f0806de61475059f7d56d6e20f6cc2e15f7

发布日期: 2022-03-15 17:15 修改: 2024-06-21 19:15
libcurl CVE-2022-22576 高危 7.79.1-r0 7.79.1-r1 curl: OAUTH2 bearer bypass in connection re-use

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-22576

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2022-05-26 17:15 修改: 2024-03-27 15:02
libcurl CVE-2022-27775 高危 7.79.1-r0 7.79.1-r1 curl: bad local IPv6 connection reuse

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27775

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2022-06-02 14:15 修改: 2024-03-27 15:02
libssl1.1 CVE-2022-0778 高危 1.1.1l-r0 1.1.1n-r0 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-0778

镜像层: sha256:eb4bde6b29a6746e0779f80a09ca6f0806de61475059f7d56d6e20f6cc2e15f7

发布日期: 2022-03-15 17:15 修改: 2024-06-21 19:15
openssl CVE-2022-0778 高危 1.1.1l-r0 1.1.1n-r0 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-0778

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2022-03-15 17:15 修改: 2024-06-21 19:15
perl-git CVE-2021-40330 高危 2.26.3-r0 2.26.3-r1 git: unexpected cross-protocol requests via a repository path containing a newline character

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-40330

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2021-08-31 04:15 修改: 2022-11-07 18:37
ssl_client CVE-2022-28391 高危 1.31.1-r21 1.31.1-r22 busybox: remote attackers may execute arbitrary code if netstat is used

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-28391

镜像层: sha256:eb4bde6b29a6746e0779f80a09ca6f0806de61475059f7d56d6e20f6cc2e15f7

发布日期: 2022-04-03 21:15 修改: 2022-08-11 18:44
xz-libs CVE-2022-1271 高危 5.2.5-r0 5.2.5-r1 gzip: arbitrary-file-write vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1271

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2022-08-31 16:15 修改: 2024-08-26 10:47
curl CVE-2022-22576 高危 7.79.1-r0 7.79.1-r1 curl: OAUTH2 bearer bypass in connection re-use

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-22576

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2022-05-26 17:15 修改: 2024-03-27 15:02
zlib CVE-2018-25032 高危 1.2.11-r3 1.2.12-r0 zlib: A flaw found in zlib when compressing (not decompressing) certain inputs

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-25032

镜像层: sha256:eb4bde6b29a6746e0779f80a09ca6f0806de61475059f7d56d6e20f6cc2e15f7

发布日期: 2022-03-25 09:15 修改: 2023-11-07 02:56
curl CVE-2022-27776 中危 7.79.1-r0 7.79.1-r1 curl: auth/cookie leak on redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27776

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2022-06-02 14:15 修改: 2024-03-27 15:02
libcurl CVE-2022-27774 中危 7.79.1-r0 7.79.1-r1 curl: credential leak on redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27774

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2022-06-02 14:15 修改: 2024-03-27 15:02
libcurl CVE-2022-27776 中危 7.79.1-r0 7.79.1-r1 curl: auth/cookie leak on redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27776

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2022-06-02 14:15 修改: 2024-03-27 15:02
expat CVE-2022-25313 中危 2.2.9-r1 2.2.10-r2 expat: Stack exhaustion in doctype parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25313

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2022-02-18 05:15 修改: 2023-11-07 03:44
curl CVE-2022-27774 中危 7.79.1-r0 7.79.1-r1 curl: credential leak on redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27774

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2022-06-02 14:15 修改: 2024-03-27 15:02
Node.js (node-pkg)
低危漏洞:5 中危漏洞:18 高危漏洞:37 严重漏洞:12
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
minimist CVE-2021-44906 严重 1.2.5 1.2.6, 0.2.4 minimist: prototype pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-44906

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2022-03-17 16:15 修改: 2024-06-21 19:15
systeminformation CVE-2023-42810 严重 5.9.17 5.21.7 systeminformation SSID Command Injection Vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42810

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2023-09-21 18:15 修改: 2023-09-23 03:38
underscore CVE-2021-23358 严重 1.4.4 1.12.1 nodejs-underscore: Arbitrary code execution via the template function

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23358

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2021-03-29 14:15 修改: 2023-11-07 03:30
vm2 CVE-2021-23555 严重 3.9.5 3.9.6 vm2: vulnerable to Sandbox Bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23555

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2022-02-11 20:15 修改: 2022-02-22 20:12
vm2 CVE-2022-25893 严重 3.9.5 3.9.10 vm2 vulnerable to Arbitrary Code Execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25893

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2022-12-21 05:15 修改: 2023-01-03 13:59
vm2 CVE-2022-36067 严重 3.9.5 3.9.11 vm2: Sandbox Escape in vm2

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-36067

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2022-09-06 22:15 修改: 2022-11-08 03:03
vm2 CVE-2023-29017 严重 3.9.5 3.9.15 vm2: sandbox escape

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29017

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2023-04-06 20:15 修改: 2023-04-13 13:20
vm2 CVE-2023-29199 严重 3.9.5 3.9.16 vm2: Sandbox Escape

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29199

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2023-04-14 19:15 修改: 2023-04-25 15:14
vm2 CVE-2023-30547 严重 3.9.5 3.9.17 vm2: Sandbox Escape when exception sanitization

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-30547

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2023-04-17 22:15 修改: 2023-04-28 01:13
vm2 CVE-2023-32314 严重 3.9.5 3.9.18 vm2: Sandbox Escape

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-32314

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2023-05-15 20:15 修改: 2023-05-24 20:50
vm2 CVE-2023-37466 严重 3.9.5 vm2: Promise handler sanitization can be bypassed allowing attackers to escape the sandbox and run arbitrary code

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-37466

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2023-07-14 00:15 修改: 2024-02-01 14:05
vm2 CVE-2023-37903 严重 3.9.5 vm2: custom inspect function allows attackers to escape the sandbox and run arbitrary code

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-37903

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2023-07-21 20:15 修改: 2024-02-01 13:46
ip CVE-2024-29415 高危 1.1.5 node-ip: Incomplete fix for CVE-2023-42282

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29415

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2024-05-27 20:15 修改: 2024-08-16 14:35
jsonwebtoken CVE-2022-23539 高危 8.5.1 9.0.0 jsonwebtoken: Unrestricted key type could lead to legacy keys usagen

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23539

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2022-12-23 00:15 修改: 2024-06-21 19:15
lodash.set CVE-2020-8203 高危 4.3.2 nodejs-lodash: prototype pollution in zipObjectDeep function

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8203

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2020-07-15 17:15 修改: 2024-01-21 02:37
luxon CVE-2023-22467 高危 1.28.0 1.28.1, 2.5.2, 3.2.1 luxon: Inefficient regular expression complexity in luxon.js

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-22467

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2023-01-04 22:15 修改: 2024-02-12 04:15
minimatch CVE-2022-3517 高危 3.0.4 3.0.5 nodejs-minimatch: ReDoS via the braceExpand function

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3517

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2022-10-17 20:15 修改: 2023-11-07 03:51
minimatch CVE-2022-3517 高危 3.0.4 3.0.5 nodejs-minimatch: ReDoS via the braceExpand function

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3517

镜像层: sha256:2b27bec91e715849edc9e616992b07285177c75a75820ef71446c9c4153bdd7d

发布日期: 2022-10-17 20:15 修改: 2023-11-07 03:51
minimatch CVE-2022-3517 高危 3.0.4 3.0.5 nodejs-minimatch: ReDoS via the braceExpand function

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3517

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2022-10-17 20:15 修改: 2023-11-07 03:51
ansi-regex CVE-2021-3807 高危 3.0.0 6.0.1, 5.0.1, 4.1.1, 3.0.1 nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3807

镜像层: sha256:2b27bec91e715849edc9e616992b07285177c75a75820ef71446c9c4153bdd7d

发布日期: 2021-09-17 07:15 修改: 2023-07-10 19:01
moment CVE-2022-24785 高危 2.29.1 2.29.2 Moment.js: Path traversal in moment.locale

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-24785

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2022-04-04 17:15 修改: 2023-11-07 03:44
moment CVE-2022-31129 高危 2.29.1 2.29.4 moment: inefficient parsing algorithm resulting in DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-31129

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2022-07-06 18:15 修改: 2023-11-07 03:47
nedb CVE-2021-23395 高危 1.8.0 Prototype Pollution in nedb

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23395

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2021-06-15 20:15 修改: 2023-08-08 14:22
node-fetch CVE-2022-0235 高危 2.6.6 3.1.1, 2.6.7 node-fetch: exposure of sensitive information to an unauthorized actor

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-0235

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2022-01-16 17:15 修改: 2023-02-03 19:16
npm CVE-2022-29244 高危 8.1.2 8.11.0 nodejs: npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29244

镜像层: sha256:2b27bec91e715849edc9e616992b07285177c75a75820ef71446c9c4153bdd7d

发布日期: 2022-06-13 14:15 修改: 2022-10-27 16:25
path-to-regexp CVE-2024-45296 高危 0.1.7 1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0 path-to-regexp: Backtracking regular expressions cause ReDoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45296

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2024-09-09 19:15 修改: 2024-09-10 12:09
path-to-regexp CVE-2024-45296 高危 1.8.0 1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0 path-to-regexp: Backtracking regular expressions cause ReDoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45296

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2024-09-09 19:15 修改: 2024-09-10 12:09
path-to-regexp CVE-2024-45296 高危 2.2.1 1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0 path-to-regexp: Backtracking regular expressions cause ReDoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45296

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2024-09-09 19:15 修改: 2024-09-10 12:09
pnpm CVE-2023-37478 高危 6.24.2 7.33.4, 8.6.8 pnpm incorrectly parses tar archives relative to specification

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-37478

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2023-08-01 12:15 修改: 2023-08-04 17:44
qs CVE-2022-24999 高危 6.9.6 6.10.3, 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, 6.2.4 express: "qs" prototype poisoning causes the hang of the node process

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-24999

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2022-11-26 22:15 修改: 2023-09-08 17:15
semver CVE-2022-25883 高危 5.7.1 7.5.2, 6.3.1, 5.7.2 nodejs-semver: Regular expression denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25883

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2023-06-21 05:15 修改: 2023-11-07 03:44
semver CVE-2022-25883 高危 6.3.0 7.5.2, 6.3.1, 5.7.2 nodejs-semver: Regular expression denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25883

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2023-06-21 05:15 修改: 2023-11-07 03:44
semver CVE-2022-25883 高危 7.2.3 7.5.2, 6.3.1, 5.7.2 nodejs-semver: Regular expression denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25883

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2023-06-21 05:15 修改: 2023-11-07 03:44
semver CVE-2022-25883 高危 7.3.5 7.5.2, 6.3.1, 5.7.2 nodejs-semver: Regular expression denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25883

镜像层: sha256:2b27bec91e715849edc9e616992b07285177c75a75820ef71446c9c4153bdd7d

发布日期: 2023-06-21 05:15 修改: 2023-11-07 03:44
semver CVE-2022-25883 高危 7.3.5 7.5.2, 6.3.1, 5.7.2 nodejs-semver: Regular expression denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25883

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2023-06-21 05:15 修改: 2023-11-07 03:44
semver CVE-2022-25883 高危 7.3.5 7.5.2, 6.3.1, 5.7.2 nodejs-semver: Regular expression denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25883

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2023-06-21 05:15 修改: 2023-11-07 03:44
ansi-regex CVE-2021-3807 高危 5.0.0 6.0.1, 5.0.1, 4.1.1, 3.0.1 nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3807

镜像层: sha256:2b27bec91e715849edc9e616992b07285177c75a75820ef71446c9c4153bdd7d

发布日期: 2021-09-17 07:15 修改: 2023-07-10 19:01
async CVE-2021-43138 高危 2.6.3 3.2.2, 2.6.4 async: Prototype Pollution in async

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-43138

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2022-04-06 17:15 修改: 2024-06-21 19:15
body-parser CVE-2024-45590 高危 1.19.1 1.20.3 body-parser: Denial of Service Vulnerability in body-parser

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45590

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2024-09-10 16:15 修改: 2024-09-20 16:26
braces CVE-2024-4068 高危 3.0.2 3.0.3 braces: fails to limit the number of characters it can handle

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4068

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2024-05-14 15:42 修改: 2024-07-03 02:07
fast-json-patch CVE-2021-4279 高危 3.1.0 3.1.1 Starcounter-Jack JSON-Patch Prototype Pollution vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-4279

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2022-12-25 20:15 修改: 2024-05-17 02:03
follow-redirects CVE-2022-0155 高危 1.14.6 1.14.7 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-0155

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2022-01-10 20:15 修改: 2022-10-28 17:54
http-cache-semantics CVE-2022-25881 高危 4.1.0 4.1.1 http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25881

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2023-01-31 05:15 修改: 2023-11-07 03:44
http-cache-semantics CVE-2022-25881 高危 4.1.0 4.1.1 http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25881

镜像层: sha256:2b27bec91e715849edc9e616992b07285177c75a75820ef71446c9c4153bdd7d

发布日期: 2023-01-31 05:15 修改: 2023-11-07 03:44
http-cache-semantics CVE-2022-25881 高危 4.1.0 4.1.1 http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25881

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2023-01-31 05:15 修改: 2023-11-07 03:44
ip CVE-2024-29415 高危 1.1.5 node-ip: Incomplete fix for CVE-2023-42282

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29415

镜像层: sha256:2b27bec91e715849edc9e616992b07285177c75a75820ef71446c9c4153bdd7d

发布日期: 2024-05-27 20:15 修改: 2024-08-16 14:35
ip CVE-2024-29415 高危 1.1.5 node-ip: Incomplete fix for CVE-2023-42282

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29415

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2024-05-27 20:15 修改: 2024-08-16 14:35
ws CVE-2024-37890 高危 7.4.6 5.2.4, 6.2.3, 7.5.10, 8.17.1 nodejs-ws: denial of service when handling a request with many HTTP headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37890

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2024-06-17 20:15 修改: 2024-06-20 12:44
ws CVE-2024-37890 高危 7.5.6 5.2.4, 6.2.3, 7.5.10, 8.17.1 nodejs-ws: denial of service when handling a request with many HTTP headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37890

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2024-06-17 20:15 修改: 2024-06-20 12:44
serve-static CVE-2024-43800 中危 1.14.2 1.16.0, 2.1.0 serve-static: Improper Sanitization in serve-static

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-43800

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2024-09-10 15:15 修改: 2024-09-20 17:36
got CVE-2022-33987 中危 11.8.3 12.1.0, 11.8.5 nodejs-got: missing verification of requested URLs allows redirects to UNIX sockets

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-33987

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2022-06-18 21:15 修改: 2022-06-28 16:15
tar CVE-2024-28863 中危 6.1.11 6.2.1 node-tar: denial of service while parsing a tar file due to lack of folders depth validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28863

镜像层: sha256:2b27bec91e715849edc9e616992b07285177c75a75820ef71446c9c4153bdd7d

发布日期: 2024-03-21 23:15 修改: 2024-06-10 17:16
tar CVE-2024-28863 中危 6.1.11 6.2.1 node-tar: denial of service while parsing a tar file due to lack of folders depth validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28863

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2024-03-21 23:15 修改: 2024-06-10 17:16
express CVE-2024-29041 中危 4.17.2 4.19.2, 5.0.0-beta.3 express: cause malformed URLs to be evaluated

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29041

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2024-03-25 21:15 修改: 2024-03-26 12:55
express CVE-2024-43796 中危 4.17.2 4.20.0, 5.0.0 express: Improper Input Handling in Express Redirects

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-43796

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2024-09-10 15:15 修改: 2024-09-20 16:07
@sideway/formula CVE-2023-25166 中危 3.0.0 3.0.1 @sideway/formula: Regular Expression Denial of Service (ReDoS) Vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-25166

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2023-02-08 20:15 修改: 2023-02-16 19:53
axios CVE-2023-45857 中危 0.21.4 1.6.0, 0.28.0 axios: exposure of confidential data stored in cookies

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45857

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2023-11-08 21:15 修改: 2024-06-21 19:15
follow-redirects CVE-2022-0536 中危 1.14.6 1.14.8 follow-redirects: Exposure of Sensitive Information via Authorization Header leak

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-0536

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2022-02-09 11:15 修改: 2023-08-02 09:15
follow-redirects CVE-2023-26159 中危 1.14.6 1.15.4 follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse()

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-26159

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2024-01-02 05:15 修改: 2024-01-23 03:15
follow-redirects CVE-2024-28849 中危 1.14.6 1.15.6 follow-redirects: Possible credential leak

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28849

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2024-03-14 17:15 修改: 2024-03-23 03:15
moment-timezone GHSA-v78c-4p63-2j6c 中危 0.5.34 0.5.35 Cleartext Transmission of Sensitive Information in moment-timezone

漏洞详情: https://github.com/advisories/GHSA-v78c-4p63-2j6c

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
jsonwebtoken CVE-2022-23540 中危 8.5.1 9.0.0 jsonwebtoken: Insecure default algorithm in jwt.verify() could lead to signature validation bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23540

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2022-12-22 19:15 修改: 2024-06-21 19:15
jsonwebtoken CVE-2022-23541 中危 8.5.1 9.0.0 jsonwebtoken: Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23541

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2022-12-22 18:15 修改: 2024-06-21 19:15
vm2 CVE-2023-32313 中危 3.9.5 3.9.18 vm2: Inspect Manipulation

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-32313

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2023-05-15 20:15 修改: 2023-05-24 20:43
word-wrap CVE-2023-26115 中危 1.2.3 1.2.4 word-wrap: ReDoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-26115

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2023-06-22 05:15 修改: 2024-06-21 19:15
nodemailer GHSA-9h6g-pr28-7cqp 中危 6.7.2 6.9.9 nodemailer ReDoS when trying to send a specially crafted email

漏洞详情: https://github.com/advisories/GHSA-9h6g-pr28-7cqp

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
send CVE-2024-43799 中危 0.17.2 0.19.0 send: Code Execution Vulnerability in Send Library

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-43799

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2024-09-10 15:15 修改: 2024-09-20 16:57
moment-timezone GHSA-56x4-j7p9-fcf9 低危 0.5.34 0.5.35 Command Injection in moment-timezone

漏洞详情: https://github.com/advisories/GHSA-56x4-j7p9-fcf9

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
cookie CVE-2024-47764 低危 0.4.1 0.7.0 cookie: cookie accepts cookie name, path, and domain with out of bounds characters

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47764

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2024-10-04 20:15 修改: 2024-10-07 17:48
ip CVE-2023-42282 低危 1.1.5 2.0.1, 1.1.9 nodejs-ip: arbitrary code execution via the isPublic() function

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42282

镜像层: sha256:2b27bec91e715849edc9e616992b07285177c75a75820ef71446c9c4153bdd7d

发布日期: 2024-02-08 17:15 修改: 2024-10-09 15:14
ip CVE-2023-42282 低危 1.1.5 2.0.1, 1.1.9 nodejs-ip: arbitrary code execution via the isPublic() function

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42282

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2024-02-08 17:15 修改: 2024-10-09 15:14
ip CVE-2023-42282 低危 1.1.5 2.0.1, 1.1.9 nodejs-ip: arbitrary code execution via the isPublic() function

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42282

镜像层: sha256:ef761b3e942fcadb30dd4eae80f2d0405ff85c59d549f61f3d3f5fa72b3286a3

发布日期: 2024-02-08 17:15 修改: 2024-10-09 15:14