ghcr.io/facebookincubator/velox-dev:centos8 linux/amd64

ghcr.io/facebookincubator/velox-dev:centos8 - Trivy安全扫描结果扫描时间: 2024-11-14 15:11

全部漏洞信息

低危漏洞:2

中危漏洞:7

高危漏洞:3

严重漏洞:2

系统OS: none 扫描引擎: Trivy 扫描时间: 2024-11-14 15:11

Python (python-pkg)

低危漏洞:1

中危漏洞:2

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
urllib3	CVE-2024-37891	中危	2.2.1	1.26.19, 2.2.2	urllib3: proxy-authorization request header is not stripped during cross-origin redirects 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37891 镜像层: sha256:f4ed3b1c36c7c3de8709366baa1fd7b04ba5ad145482f77c948a783a19bacf9d 发布日期: 2024-06-17 20:15 修改: 2024-06-20 12:44
zipp	CVE-2024-5569	中危	3.19.0	3.19.1	github.com/jaraco/zipp: Denial of Service (infinite loop) via crafted zip file in jaraco/zipp 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-5569 镜像层: sha256:f4ed3b1c36c7c3de8709366baa1fd7b04ba5ad145482f77c948a783a19bacf9d 发布日期: 2024-07-09 00:15 修改: 2024-07-09 18:19
certifi	CVE-2024-39689	低危	2024.2.2	2024.07.04	python-certifi: Remove root certificates from `GLOBALTRUST` from the root store 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-39689 镜像层: sha256:f4ed3b1c36c7c3de8709366baa1fd7b04ba5ad145482f77c948a783a19bacf9d 发布日期: 2024-07-05 19:15 修改: 2024-07-08 15:49

软件包

漏洞

安全状态

安装版本

修复版本

漏洞信息

urllib3

CVE-2024-37891

中危

2.2.1

1.26.19, 2.2.2

urllib3: proxy-authorization request header is not stripped during cross-origin redirects

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37891

镜像层: sha256:f4ed3b1c36c7c3de8709366baa1fd7b04ba5ad145482f77c948a783a19bacf9d

发布日期: 2024-06-17 20:15 修改: 2024-06-20 12:44

zipp

CVE-2024-5569

中危

3.19.0

3.19.1

github.com/jaraco/zipp: Denial of Service (infinite loop) via crafted zip file in jaraco/zipp

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-5569

镜像层: sha256:f4ed3b1c36c7c3de8709366baa1fd7b04ba5ad145482f77c948a783a19bacf9d

发布日期: 2024-07-09 00:15 修改: 2024-07-09 18:19

certifi

CVE-2024-39689

低危

2024.2.2

2024.07.04

python-certifi: Remove root certificates from `GLOBALTRUST` from the root store

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-39689

镜像层: sha256:f4ed3b1c36c7c3de8709366baa1fd7b04ba5ad145482f77c948a783a19bacf9d

发布日期: 2024-07-05 19:15 修改: 2024-07-08 15:49

usr/bin/gh (gobinary)

低危漏洞:1

中危漏洞:5

高危漏洞:3

严重漏洞:2

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
github.com/docker/docker	CVE-2024-41110	严重	v24.0.9+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	moby: Authz zero length regression 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-41110 镜像层: sha256:f4ed3b1c36c7c3de8709366baa1fd7b04ba5ad145482f77c948a783a19bacf9d 发布日期: 2024-07-24 17:15 修改: 2024-07-30 20:15
stdlib	CVE-2024-24790	严重	1.22.2	1.21.11, 1.22.4	golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:f4ed3b1c36c7c3de8709366baa1fd7b04ba5ad145482f77c948a783a19bacf9d 发布日期: 2024-06-05 16:15 修改: 2024-09-03 18:35
github.com/theupdateframework/go-tuf/v2	CVE-2024-47534	高危	v2.0.0-20240223092044-1e7978e83f63	2.0.1	Incorrect delegation lookups can make go-tuf download the wrong artifact 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47534 镜像层: sha256:f4ed3b1c36c7c3de8709366baa1fd7b04ba5ad145482f77c948a783a19bacf9d 发布日期: 2024-10-01 16:15 修改: 2024-10-11 15:15
stdlib	CVE-2024-24788	高危	1.22.2	1.22.3	golang: net: malformed DNS message can cause infinite loop 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24788 镜像层: sha256:f4ed3b1c36c7c3de8709366baa1fd7b04ba5ad145482f77c948a783a19bacf9d 发布日期: 2024-05-08 16:15 修改: 2024-06-14 13:15
stdlib	CVE-2024-34156	高危	1.22.2	1.22.7, 1.23.1	encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:f4ed3b1c36c7c3de8709366baa1fd7b04ba5ad145482f77c948a783a19bacf9d 发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35
github.com/hashicorp/go-retryablehttp	CVE-2024-6104	中危	v0.7.5	0.7.7	go-retryablehttp: url might write sensitive information to log file 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6104 镜像层: sha256:f4ed3b1c36c7c3de8709366baa1fd7b04ba5ad145482f77c948a783a19bacf9d 发布日期: 2024-06-24 17:15 修改: 2024-06-26 17:19
stdlib	CVE-2024-24789	中危	1.22.2	1.21.11, 1.22.4	golang: archive/zip: Incorrect handling of certain ZIP files 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:f4ed3b1c36c7c3de8709366baa1fd7b04ba5ad145482f77c948a783a19bacf9d 发布日期: 2024-06-05 16:15 修改: 2024-07-03 01:48
stdlib	CVE-2024-24791	中危	1.22.2	1.21.12, 1.22.5	net/http: Denial of service due to improper 100-continue handling in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:f4ed3b1c36c7c3de8709366baa1fd7b04ba5ad145482f77c948a783a19bacf9d 发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17
stdlib	CVE-2024-34155	中危	1.22.2	1.22.7, 1.23.1	go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:f4ed3b1c36c7c3de8709366baa1fd7b04ba5ad145482f77c948a783a19bacf9d 发布日期: 2024-09-06 21:15 修改: 2024-11-04 17:35
stdlib	CVE-2024-34158	中危	1.22.2	1.22.7, 1.23.1	go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:f4ed3b1c36c7c3de8709366baa1fd7b04ba5ad145482f77c948a783a19bacf9d 发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35
github.com/sigstore/sigstore-go	CVE-2024-45395	低危	v0.3.0	0.6.1	sigstore-go has an unbounded loop over untrusted input can lead to endless data attack 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45395 镜像层: sha256:f4ed3b1c36c7c3de8709366baa1fd7b04ba5ad145482f77c948a783a19bacf9d 发布日期: 2024-09-04 21:15 修改: 2024-09-24 16:50