docker.io/wojiushixiaobai/dataease:v2.10.1 linux/amd64

docker.io/wojiushixiaobai/dataease:v2.10.1 - Trivy安全扫描结果 扫描时间: 2024-10-30 09:06
全部漏洞信息
低危漏洞:2 中危漏洞:12 高危漏洞:14 严重漏洞:2

系统OS: debian trixie/sid 扫描引擎: Trivy 扫描时间: 2024-10-30 09:06

docker.io/wojiushixiaobai/dataease:v2.10.1 (debian trixie/sid) (debian)
低危漏洞:0 中危漏洞:0 高危漏洞:0 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
Java (jar)
低危漏洞:2 中危漏洞:9 高危漏洞:13 严重漏洞:2
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
com.amazon.redshift:redshift-jdbc42 CVE-2024-32888 严重 2.1.0.1 2.1.0.28 Amazon JDBC Driver for Redshift SQL Injection via line comment generation

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-32888

镜像层: sha256:879deea04ef8ee76d3577fd39b7fb819570a06f801142bb16b5f6bd59b68256d

发布日期: 2024-05-15 03:15 修改: 2024-05-15 16:40
org.postgresql:postgresql CVE-2024-1597 严重 42.3.6 42.2.28, 42.3.9, 42.4.4, 42.5.5, 42.6.1, 42.7.2 pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-1597

镜像层: sha256:879deea04ef8ee76d3577fd39b7fb819570a06f801142bb16b5f6bd59b68256d

发布日期: 2024-02-19 13:15 修改: 2024-06-10 17:16
com.fasterxml.jackson.core:jackson-databind CVE-2020-36518 高危 2.12.3 2.13.2.1, 2.12.6.1 jackson-databind: denial of service via a large depth of nested objects

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36518

镜像层: sha256:879deea04ef8ee76d3577fd39b7fb819570a06f801142bb16b5f6bd59b68256d

发布日期: 2022-03-11 07:15 修改: 2022-11-29 22:12
com.fasterxml.jackson.core:jackson-databind CVE-2021-46877 高危 2.12.3 2.12.6, 2.13.1 jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-46877

镜像层: sha256:879deea04ef8ee76d3577fd39b7fb819570a06f801142bb16b5f6bd59b68256d

发布日期: 2023-03-18 22:15 修改: 2023-08-08 14:21
com.fasterxml.jackson.core:jackson-databind CVE-2022-42003 高危 2.12.3 2.12.7.1, 2.13.4.2 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-42003

镜像层: sha256:879deea04ef8ee76d3577fd39b7fb819570a06f801142bb16b5f6bd59b68256d

发布日期: 2022-10-02 05:15 修改: 2023-12-20 10:15
com.fasterxml.jackson.core:jackson-databind CVE-2022-42004 高危 2.12.3 2.12.7.1, 2.13.4 jackson-databind: use of deeply nested arrays

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-42004

镜像层: sha256:879deea04ef8ee76d3577fd39b7fb819570a06f801142bb16b5f6bd59b68256d

发布日期: 2022-10-02 05:15 修改: 2022-12-02 15:10
com.google.protobuf:protobuf-java CVE-2024-7254 高危 3.21.9 3.25.5, 4.27.5, 4.28.2 protobuf: StackOverflow vulnerability in Protocol Buffers

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7254

镜像层: sha256:879deea04ef8ee76d3577fd39b7fb819570a06f801142bb16b5f6bd59b68256d

发布日期: 2024-09-19 01:15 修改: 2024-09-20 12:30
com.mysql:mysql-connector-j CVE-2023-22102 高危 8.0.31 8.2.0 mysql-connector-java: Connector/J unspecified vulnerability (CPU October 2023)

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-22102

镜像层: sha256:879deea04ef8ee76d3577fd39b7fb819570a06f801142bb16b5f6bd59b68256d

发布日期: 2023-10-17 22:15 修改: 2023-10-31 19:20
commons-io:commons-io CVE-2024-47554 高危 2.8.0 2.14.0 apache-commons-io: Possible denial of service attack on untrusted input to XmlStreamReader

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47554

镜像层: sha256:879deea04ef8ee76d3577fd39b7fb819570a06f801142bb16b5f6bd59b68256d

发布日期: 2024-10-03 12:15 修改: 2024-10-04 13:50
org.apache.logging.log4j:log4j-core CVE-2021-45105 高危 2.12.2 2.12.3, 2.17.0, 2.3.1 log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-45105

镜像层: sha256:879deea04ef8ee76d3577fd39b7fb819570a06f801142bb16b5f6bd59b68256d

发布日期: 2021-12-18 12:15 修改: 2022-10-06 17:31
org.apache.tomcat.embed:tomcat-embed-core CVE-2024-34750 高危 10.1.24 11.0.0-M21, 10.1.25, 9.0.90 tomcat: Improper Handling of Exceptional Conditions

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34750

镜像层: sha256:879deea04ef8ee76d3577fd39b7fb819570a06f801142bb16b5f6bd59b68256d

发布日期: 2024-07-03 20:15 修改: 2024-07-09 16:22
org.jsoup:jsoup CVE-2021-37714 高危 1.11.3 1.14.2 jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37714

镜像层: sha256:879deea04ef8ee76d3577fd39b7fb819570a06f801142bb16b5f6bd59b68256d

发布日期: 2021-08-18 15:15 修改: 2023-11-07 03:37
com.amazon.redshift:redshift-jdbc42 CVE-2022-41828 高危 2.1.0.1 2.1.0.8 com.amazon.redshift:redshift-jdbc42 vulnerable to remote command execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41828

镜像层: sha256:879deea04ef8ee76d3577fd39b7fb819570a06f801142bb16b5f6bd59b68256d

发布日期: 2022-09-29 21:15 修改: 2022-11-07 16:49
org.postgresql:postgresql CVE-2022-31197 高危 42.3.6 42.2.26, 42.4.1, 42.3.7 postgresql: SQL Injection in ResultSet.refreshRow() with malicious column names

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-31197

镜像层: sha256:879deea04ef8ee76d3577fd39b7fb819570a06f801142bb16b5f6bd59b68256d

发布日期: 2022-08-03 19:15 修改: 2023-11-07 03:47
org.springframework:spring-webmvc CVE-2024-38816 高危 6.1.8 6.1.13, 6.0.24, 5.3.40 spring-webmvc: Path Traversal Vulnerability in Spring Applications Using RouterFunctions and FileSystemResource

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38816

镜像层: sha256:879deea04ef8ee76d3577fd39b7fb819570a06f801142bb16b5f6bd59b68256d

发布日期: 2024-09-13 06:15 修改: 2024-09-13 14:06
org.apache.logging.log4j:log4j-core CVE-2021-44832 中危 2.12.2 2.3.2, 2.12.4, 2.17.1 log4j-core: remote code execution via JDBC Appender

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-44832

镜像层: sha256:879deea04ef8ee76d3577fd39b7fb819570a06f801142bb16b5f6bd59b68256d

发布日期: 2021-12-28 20:15 修改: 2023-11-07 03:39
org.apache.pdfbox:pdfbox CVE-2021-27807 中危 2.0.16 2.0.23 pdfbox: infinite loop while loading a crafted PDF file

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-27807

镜像层: sha256:879deea04ef8ee76d3577fd39b7fb819570a06f801142bb16b5f6bd59b68256d

发布日期: 2021-03-19 16:15 修改: 2023-11-07 03:32
org.jsoup:jsoup CVE-2022-36033 中危 1.11.3 1.15.3 jsoup: The jsoup cleaner may incorrectly sanitize crafted XSS attempts if SafeList.preserveRelativeLinks is enabled

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-36033

镜像层: sha256:879deea04ef8ee76d3577fd39b7fb819570a06f801142bb16b5f6bd59b68256d

发布日期: 2022-08-29 17:15 修改: 2022-12-08 03:48
org.apache.pdfbox:pdfbox CVE-2021-27906 中危 2.0.16 2.0.23 pdfbox: OutOfMemory-Exception while loading a crafted PDF file

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-27906

镜像层: sha256:879deea04ef8ee76d3577fd39b7fb819570a06f801142bb16b5f6bd59b68256d

发布日期: 2021-03-19 16:15 修改: 2023-11-07 03:32
org.apache.pdfbox:pdfbox CVE-2021-31811 中危 2.0.16 2.0.24 pdfbox: OutOfMemory-Exception while loading a crafted PDF file

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-31811

镜像层: sha256:879deea04ef8ee76d3577fd39b7fb819570a06f801142bb16b5f6bd59b68256d

发布日期: 2021-06-12 10:15 修改: 2023-11-07 03:35
org.postgresql:postgresql CVE-2022-41946 中危 42.3.6 42.2.27, 42.3.8, 42.4.3, 42.5.1 postgresql-jdbc: Information leak of prepared statement data due to insecure temporary file permissions

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41946

镜像层: sha256:879deea04ef8ee76d3577fd39b7fb819570a06f801142bb16b5f6bd59b68256d

发布日期: 2022-11-23 20:15 修改: 2024-03-29 13:15
org.springframework:spring-context CVE-2024-38820 中危 6.1.8 6.1.14, 6.0.25, 5.3.41 The fix for CVE-2022-22968 made disallowedFieldspatterns in DataBinder ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38820

镜像层: sha256:879deea04ef8ee76d3577fd39b7fb819570a06f801142bb16b5f6bd59b68256d

发布日期: 2024-10-18 06:15 修改: 2024-10-22 15:42
org.springframework:spring-web CVE-2024-38809 中危 6.1.8 5.3.38, 6.0.23, 6.1.12 org.springframework:spring-web: Spring Framework DoS via conditional HTTP request

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38809

镜像层: sha256:879deea04ef8ee76d3577fd39b7fb819570a06f801142bb16b5f6bd59b68256d

发布日期: 2024-09-27 17:15 修改: 2024-09-30 12:45
org.apache.pdfbox:pdfbox CVE-2021-31812 中危 2.0.16 2.0.24 pdfbox: infinite loop while loading a crafted PDF file

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-31812

镜像层: sha256:879deea04ef8ee76d3577fd39b7fb819570a06f801142bb16b5f6bd59b68256d

发布日期: 2021-06-12 10:15 修改: 2023-11-07 03:35
org.apache.logging.log4j:log4j-core CVE-2020-9488 低危 2.12.2 2.13.2, 2.12.3, 2.3.2 log4j: improper validation of certificate with host mismatch in SMTP appender

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-9488

镜像层: sha256:879deea04ef8ee76d3577fd39b7fb819570a06f801142bb16b5f6bd59b68256d

发布日期: 2020-04-27 16:15 修改: 2023-11-07 03:26
org.xmlunit:xmlunit-core CVE-2024-31573 低危 2.9.1 2.10.0 XMLUnit for Java has Insecure Defaults when Processing XSLT Stylesheets

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-31573

镜像层: sha256:879deea04ef8ee76d3577fd39b7fb819570a06f801142bb16b5f6bd59b68256d

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
usr/local/bin/check (gobinary)
低危漏洞:0 中危漏洞:3 高危漏洞:1 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
stdlib CVE-2024-34156 高危 1.22.4 1.22.7, 1.23.1 encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156

镜像层: sha256:baa24a4609e66c23a8c49d9d8c6ba3ecd78463aaca31daf96d176be6fabcf476

发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35
stdlib CVE-2024-24791 中危 1.22.4 1.21.12, 1.22.5 net/http: Denial of service due to improper 100-continue handling in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791

镜像层: sha256:baa24a4609e66c23a8c49d9d8c6ba3ecd78463aaca31daf96d176be6fabcf476

发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17
stdlib CVE-2024-34155 中危 1.22.4 1.22.7, 1.23.1 go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155

镜像层: sha256:baa24a4609e66c23a8c49d9d8c6ba3ecd78463aaca31daf96d176be6fabcf476

发布日期: 2024-09-06 21:15 修改: 2024-09-09 13:03
stdlib CVE-2024-34158 中危 1.22.4 1.22.7, 1.23.1 go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158

镜像层: sha256:baa24a4609e66c23a8c49d9d8c6ba3ecd78463aaca31daf96d176be6fabcf476

发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35