docker.io/xhofe/alist:latest-aio - Trivy镜像安全扫描结果

全部漏洞信息

低危漏洞:2

中危漏洞:3

高危漏洞:1

严重漏洞:0

系统OS: alpine 3.22.0_alpha20250108 扫描引擎: Trivy 扫描时间: 2025-02-18 16:38

docker.io/xhofe/alist:latest-aio (alpine 3.22.0_alpha20250108) (alpine)

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

opt/alist/alist (gobinary)

低危漏洞:2

中危漏洞:2

高危漏洞:1

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
golang.org/x/net	CVE-2024-45338	高危	v0.28.0	0.33.0	golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:32a6aa468720d8eff91a632707bb14e5a536ce8ea21b992354e9a20d2ff8fc72 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16
github.com/rclone/rclone	CVE-2024-52522	中危	v1.67.0	1.68.2	rclone: librclone: improper permission and ownership handling on symlink targets with --links and --metadata 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-52522 镜像层: sha256:32a6aa468720d8eff91a632707bb14e5a536ce8ea21b992354e9a20d2ff8fc72 发布日期: 2024-11-15 18:15 修改: 2024-11-18 17:11
gopkg.in/square/go-jose.v2	CVE-2024-28180	中危	v2.6.0		jose-go: improper handling of highly compressed data 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28180 镜像层: sha256:32a6aa468720d8eff91a632707bb14e5a536ce8ea21b992354e9a20d2ff8fc72 发布日期: 2024-03-09 01:15 修改: 2024-06-12 02:15
github.com/golang-jwt/jwt/v4	CVE-2024-51744	低危	v4.5.0	4.5.1	golang-jwt: Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations in golang-jwt 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-51744 镜像层: sha256:32a6aa468720d8eff91a632707bb14e5a536ce8ea21b992354e9a20d2ff8fc72 发布日期: 2024-11-04 22:15 修改: 2024-11-05 16:04
github.com/disintegration/imaging	CVE-2023-36308	低危	v1.6.2		disintegration Imaging 1.6.2 allows attackers to cause a panic (becaus ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-36308 镜像层: sha256:32a6aa468720d8eff91a632707bb14e5a536ce8ea21b992354e9a20d2ff8fc72 发布日期: 2023-09-05 04:15 修改: 2024-08-02 17:16

usr/lib/librav1e.so.0.7.1 (rustbinary)

低危漏洞:0

中危漏洞:1

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
anstream	GHSA-2rxc-gjrp-vjhx	中危	0.6.5	0.6.8	Unsoundness in anstream 漏洞详情: https://github.com/advisories/GHSA-2rxc-gjrp-vjhx 镜像层: sha256:7773f7b8ff3f5f9f479e9763e65b4acc6a09c919842b4346d229ab35e7db6810 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

软件包

漏洞

安全状态

安装版本

修复版本

漏洞信息

anstream

GHSA-2rxc-gjrp-vjhx

中危

0.6.5

0.6.8

Unsoundness in anstream

漏洞详情: https://github.com/advisories/GHSA-2rxc-gjrp-vjhx

镜像层: sha256:7773f7b8ff3f5f9f479e9763e65b4acc6a09c919842b4346d229ab35e7db6810

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

docker.io/xhofe/alist:latest-aio linux/amd64

全部漏洞信息

docker.io/xhofe/alist:latest-aio (alpine 3.22.0_alpha20250108) (alpine)

opt/alist/alist (gobinary)

usr/lib/librav1e.so.0.7.1 (rustbinary)