ghcr.io/idaholab/malcolm/logstash-oss:26.06.0 - Trivy镜像安全扫描结果

全部漏洞信息

低危漏洞:1

中危漏洞:8

高危漏洞:21

严重漏洞:0

系统OS: redhat 9.8 扫描引擎: Trivy 扫描时间: 2026-06-13 18:52

ghcr.io/idaholab/malcolm/logstash-oss:26.06.0 (redhat 9.8) (redhat)

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

Java (jar)

低危漏洞:0

中危漏洞:3

高危漏洞:7

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
io.netty:netty-handler	CVE-2026-44249	高危	4.1.134.Final	4.2.15.Final, 4.1.135.Final	Netty is a network application framework for development of protocol s ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44249 镜像层: sha256:db3e4bf17bb4efcb2448abb64036495970e1ac1053ff14486eec8443389b2e6a 发布日期: 2026-06-11 22:16 修改: 2026-06-12 15:55
io.netty:netty-handler	CVE-2026-44249	高危	4.1.134.Final	4.2.15.Final, 4.1.135.Final	Netty is a network application framework for development of protocol s ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44249 镜像层: sha256:db3e4bf17bb4efcb2448abb64036495970e1ac1053ff14486eec8443389b2e6a 发布日期: 2026-06-11 22:16 修改: 2026-06-12 15:55
io.netty:netty-handler	CVE-2026-44249	高危	4.1.134.Final	4.2.15.Final, 4.1.135.Final	Netty is a network application framework for development of protocol s ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44249 镜像层: sha256:db3e4bf17bb4efcb2448abb64036495970e1ac1053ff14486eec8443389b2e6a 发布日期: 2026-06-11 22:16 修改: 2026-06-12 15:55
io.netty:netty-handler	CVE-2026-45416	高危	4.1.134.Final	4.2.15.Final, 4.1.135.Final	Netty is a network application framework for development of protocol s ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45416 镜像层: sha256:db3e4bf17bb4efcb2448abb64036495970e1ac1053ff14486eec8443389b2e6a 发布日期: 2026-06-12 15:16 修改: 2026-06-12 15:55
io.netty:netty-handler	CVE-2026-45416	高危	4.1.134.Final	4.2.15.Final, 4.1.135.Final	Netty is a network application framework for development of protocol s ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45416 镜像层: sha256:db3e4bf17bb4efcb2448abb64036495970e1ac1053ff14486eec8443389b2e6a 发布日期: 2026-06-12 15:16 修改: 2026-06-12 15:55
io.netty:netty-handler	CVE-2026-45416	高危	4.1.134.Final	4.2.15.Final, 4.1.135.Final	Netty is a network application framework for development of protocol s ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45416 镜像层: sha256:db3e4bf17bb4efcb2448abb64036495970e1ac1053ff14486eec8443389b2e6a 发布日期: 2026-06-12 15:16 修改: 2026-06-12 15:55
org.bouncycastle:bcprov-jdk18on	CVE-2026-5598	高危	1.83	1.84	bouncycastle: BC-JAVA: private key leakage via non-constant time comparisons 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5598 镜像层: sha256:db3e4bf17bb4efcb2448abb64036495970e1ac1053ff14486eec8443389b2e6a 发布日期: 2026-04-15 10:16 修改: 2026-05-19 00:16
org.bouncycastle:bcpkix-jdk18on	CVE-2026-5588	中危	1.83	1.84	bouncycastle: BC-JAVA: PKIX draft CompositeVerifier accepts empty signature sequence as valid 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5588 镜像层: sha256:db3e4bf17bb4efcb2448abb64036495970e1ac1053ff14486eec8443389b2e6a 发布日期: 2026-04-15 10:16 修改: 2026-05-19 00:16
com.fasterxml.jackson.core:jackson-core	GHSA-72hv-8253-57qq	中危	2.16.2	2.21.1, 2.18.6	jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition 漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq 镜像层: sha256:db3e4bf17bb4efcb2448abb64036495970e1ac1053ff14486eec8443389b2e6a 发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30
org.bouncycastle:bcprov-jdk18on	CVE-2026-0636	中危	1.83	1.84	bouncycastle: BC-JAVA: LDAP injection vulnerability in LDAPStoreHelper.java 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0636 镜像层: sha256:db3e4bf17bb4efcb2448abb64036495970e1ac1053ff14486eec8443389b2e6a 发布日期: 2026-04-15 10:16 修改: 2026-05-19 00:16

Python (python-pkg)

低危漏洞:0

中危漏洞:0

高危漏洞:3

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
setuptools	CVE-2022-40897	高危	53.0.0	65.5.1	pypa-setuptools: Regular Expression Denial of Service (ReDoS) in package_index.py 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-40897 镜像层: sha256:a8fceb80fb3e6ad7cc6b41e96c7469ea3b584a37328f54c3bf2065558b5e50d2 发布日期: 2022-12-23 00:15 修改: 2025-11-04 16:15
setuptools	CVE-2024-6345	高危	53.0.0	70.0.0	pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6345 镜像层: sha256:a8fceb80fb3e6ad7cc6b41e96c7469ea3b584a37328f54c3bf2065558b5e50d2 发布日期: 2024-07-15 01:15 修改: 2026-04-15 00:35
setuptools	CVE-2025-47273	高危	53.0.0	78.1.1	setuptools: Path Traversal Vulnerability in setuptools PackageIndex 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47273 镜像层: sha256:a8fceb80fb3e6ad7cc6b41e96c7469ea3b584a37328f54c3bf2065558b5e50d2 发布日期: 2025-05-17 16:15 修改: 2025-06-12 16:29

软件包

漏洞

安全状态

安装版本

修复版本

漏洞信息

setuptools

CVE-2022-40897

高危

53.0.0

65.5.1

pypa-setuptools: Regular Expression Denial of Service (ReDoS) in package_index.py

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-40897

镜像层: sha256:a8fceb80fb3e6ad7cc6b41e96c7469ea3b584a37328f54c3bf2065558b5e50d2

发布日期: 2022-12-23 00:15 修改: 2025-11-04 16:15

setuptools

CVE-2024-6345

高危

53.0.0

70.0.0

pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6345

镜像层: sha256:a8fceb80fb3e6ad7cc6b41e96c7469ea3b584a37328f54c3bf2065558b5e50d2

发布日期: 2024-07-15 01:15 修改: 2026-04-15 00:35

setuptools

CVE-2025-47273

高危

53.0.0

78.1.1

setuptools: Path Traversal Vulnerability in setuptools PackageIndex

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47273

镜像层: sha256:a8fceb80fb3e6ad7cc6b41e96c7469ea3b584a37328f54c3bf2065558b5e50d2

发布日期: 2025-05-17 16:15 修改: 2025-06-12 16:29

Ruby (gemspec)

低危漏洞:1

中危漏洞:2

高危漏洞:3

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
erb	CVE-2026-41316	高危	4.0.4	~> 4.0.3.1, ~> 4.0.4.1, ~> 6.0.1.1, >= 6.0.4	erb: ERB: Arbitrary code execution via deserialization bypass 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41316 镜像层: sha256:db3e4bf17bb4efcb2448abb64036495970e1ac1053ff14486eec8443389b2e6a 发布日期: 2026-04-24 03:16 修改: 2026-04-29 20:56
puma	CVE-2026-47736	高危	6.6.1	~> 7.2.1, >= 8.0.2	Puma PROXY Protocol v1 Parser Allows Remote Memory Exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47736 镜像层: sha256:db3e4bf17bb4efcb2448abb64036495970e1ac1053ff14486eec8443389b2e6a 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
puma	CVE-2026-47737	高危	6.6.1	~> 7.2.1, >= 8.0.2	Puma PROXY Protocol v1 Accepts Repeated Protocol Headers on Persistent Connections 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47737 镜像层: sha256:db3e4bf17bb4efcb2448abb64036495970e1ac1053ff14486eec8443389b2e6a 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
net-imap	CVE-2026-47240	中危	0.6.4	0.6.4.1, 0.5.15	Net::IMAP: Command Injection via non-synchronizing literal in "raw" argument 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47240 镜像层: sha256:db3e4bf17bb4efcb2448abb64036495970e1ac1053ff14486eec8443389b2e6a 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
net-imap	CVE-2026-47242	中危	0.6.4	0.6.4.1, 0.5.15	Net::IMAP: Command Injection via ID command argument 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47242 镜像层: sha256:db3e4bf17bb4efcb2448abb64036495970e1ac1053ff14486eec8443389b2e6a 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
net-imap	CVE-2026-47241	低危	0.6.4	0.6.4.1, 0.5.15	Net::IMAP: Denial of Service via incomplete raw argument validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47241 镜像层: sha256:db3e4bf17bb4efcb2448abb64036495970e1ac1053ff14486eec8443389b2e6a 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

usr/local/bin/yq (gobinary)

低危漏洞:0

中危漏洞:3

高危漏洞:8

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
stdlib	CVE-2026-33811	高危	v1.26.2	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:a8fceb80fb3e6ad7cc6b41e96c7469ea3b584a37328f54c3bf2065558b5e50d2 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.26.2	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:a8fceb80fb3e6ad7cc6b41e96c7469ea3b584a37328f54c3bf2065558b5e50d2 发布日期: 2026-05-07 20:16 修改: 2026-05-13 14:41
stdlib	CVE-2026-39820	高危	v1.26.2	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:a8fceb80fb3e6ad7cc6b41e96c7469ea3b584a37328f54c3bf2065558b5e50d2 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:10
stdlib	CVE-2026-39823	高危	v1.26.2	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:a8fceb80fb3e6ad7cc6b41e96c7469ea3b584a37328f54c3bf2065558b5e50d2 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39825	高危	v1.26.2	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:a8fceb80fb3e6ad7cc6b41e96c7469ea3b584a37328f54c3bf2065558b5e50d2 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39836	高危	v1.26.2	1.25.10, 1.26.3	ELSA-2026-22112: go-toolset:ol8 security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:a8fceb80fb3e6ad7cc6b41e96c7469ea3b584a37328f54c3bf2065558b5e50d2 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:11
stdlib	CVE-2026-42499	高危	v1.26.2	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:a8fceb80fb3e6ad7cc6b41e96c7469ea3b584a37328f54c3bf2065558b5e50d2 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42504	高危	v1.26.2	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:a8fceb80fb3e6ad7cc6b41e96c7469ea3b584a37328f54c3bf2065558b5e50d2 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-27145	中危	v1.26.2	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:a8fceb80fb3e6ad7cc6b41e96c7469ea3b584a37328f54c3bf2065558b5e50d2 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-39826	中危	v1.26.2	1.25.10, 1.26.3	html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:a8fceb80fb3e6ad7cc6b41e96c7469ea3b584a37328f54c3bf2065558b5e50d2 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42507	中危	v1.26.2	1.25.11, 1.26.4	When returning errors, functions in the net/textproto package would in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:a8fceb80fb3e6ad7cc6b41e96c7469ea3b584a37328f54c3bf2065558b5e50d2 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15

usr/share/doc/git/contrib/libgit-rs/Cargo.lock (cargo)

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

usr/share/doc/git/contrib/libgit-sys/Cargo.lock (cargo)

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

ghcr.io/idaholab/malcolm/logstash-oss:26.06.0 linux/amd64

全部漏洞信息

ghcr.io/idaholab/malcolm/logstash-oss:26.06.0 (redhat 9.8) (redhat)

Java (jar)

Python (python-pkg)

Ruby (gemspec)

usr/local/bin/yq (gobinary)

usr/share/doc/git/contrib/libgit-rs/Cargo.lock (cargo)

usr/share/doc/git/contrib/libgit-sys/Cargo.lock (cargo)