trivy docker image with user
atombrella/465b4c7d4ff628f1e1d97d8f9cec5d80
Created November 17, 2022 21:28
➜ docker run --rm -v ${HOME}/.cache:/root/.cache/ aquasec/trivy:user image python:3.4-alpine
2022-11-17T21:14:36.070Z INFO Need to update DB
2022-11-17T21:14:36.070Z INFO DB Repository: ghcr.io/aquasecurity/trivy-db
2022-11-17T21:14:36.070Z INFO Downloading DB...
35.05 MiB / 35.05 MiB [--------------------------------------------------] 100.00% 4.29 MiB p/s 8.4s
2022-11-17T21:14:45.310Z INFO Vulnerability scanning is enabled
2022-11-17T21:14:45.310Z INFO Secret scanning is enabled
2022-11-17T21:14:45.310Z INFO If your scanning is slow, please try '--security-checks vuln' to disable secret scanning
2022-11-17T21:14:45.310Z INFO Please see also https://aquasecurity.github.io/trivy/v0.34/docs/secret/scanning/#recommendation for faster secret detection
2022-11-17T21:14:51.614Z INFO Detected OS: alpine
2022-11-17T21:14:51.614Z INFO Detecting Alpine vulnerabilities...
2022-11-17T21:14:51.615Z INFO Number of language-specific files: 1
2022-11-17T21:14:51.615Z INFO Detecting python-pkg vulnerabilities...
2022-11-17T21:14:51.617Z WARN This OS version is no longer supported by the distribution: alpine 3.9.2
2022-11-17T21:14:51.617Z WARN The vulnerability detection may be insufficient because security updates are not provided
2022-11-17T21:14:51.627Z INFO Table result includes only package filenames. Use '--format json' option to get the full path to the package file.
python:3.4-alpine (alpine 3.9.2)
================================
Total: 37 (UNKNOWN: 0, LOW: 4, MEDIUM: 16, HIGH: 13, CRITICAL: 4)
┌──────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐
│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │
├──────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ expat │ CVE-2018-20843 │ HIGH │ 2.2.6-r0 │ 2.2.7-r0 │ expat: large number of colons in input makes parser consume │
│ │ │ │ │ │ high amount... │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-20843 │
│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2019-15903 │ │ │ 2.2.7-r1 │ expat: heap-based buffer over-read via crafted XML input │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-15903 │
├──────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ libbz2 │ CVE-2019-12900 │ CRITICAL │ 1.0.6-r6 │ 1.0.6-r7 │ bzip2: out-of-bounds write in function BZ2_decompress │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-12900 │
├──────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ libcrypto1.1 │ CVE-2019-1543 │ HIGH │ 1.1.1a-r1 │ 1.1.1b-r1 │ openssl: ChaCha20-Poly1305 with long nonces │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-1543 │
│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2020-1967 │ │ │ 1.1.1g-r0 │ openssl: Segmentation fault in SSL_check_chain causes denial │
│ │ │ │ │ │ of service │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2020-1967 │
│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2021-23840 │ │ │ 1.1.1j-r0 │ openssl: integer overflow in CipherUpdate │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-23840 │
│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2021-3450 │ │ │ 1.1.1k-r0 │ openssl: CA certificate check bypass with │
│ │ │ │ │ │ X509_V_FLAG_X509_STRICT │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3450 │
│ ├────────────────┼──────────┤ ├───────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2019-1547 │ MEDIUM │ │ 1.1.1d-r0 │ openssl: side-channel weak encryption vulnerability │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-1547 │
│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤
│ │ CVE-2019-1549 │ │ │ │ openssl: information disclosure in fork() │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-1549 │
│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2019-1551 │ │ │ 1.1.1d-r2 │ openssl: Integer overflow in RSAZ modular exponentiation on │
│ │ │ │ │ │ x86_64 │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-1551 │
│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2020-1971 │ │ │ 1.1.1i-r0 │ openssl: EDIPARTYNAME NULL pointer de-reference │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2020-1971 │
│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2021-23841 │ │ │ 1.1.1j-r0 │ openssl: NULL pointer dereference in │
│ │ │ │ │ │ X509_issuer_and_serial_hash() │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-23841 │
│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2021-3449 │ │ │ 1.1.1k-r0 │ openssl: NULL pointer dereference in signature_algorithms │
│ │ │ │ │ │ processing │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3449 │
│ ├────────────────┼──────────┤ ├───────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2019-1563 │ LOW │ │ 1.1.1d-r0 │ openssl: information disclosure in PKCS7_dataDecode and │
│ │ │ │ │ │ CMS_decrypt_set1_pkey │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-1563 │
│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2021-23839 │ │ │ 1.1.1j-r0 │ openssl: incorrect SSLv2 rollback protection │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-23839 │
├──────────────┼────────────────┼──────────┤ ├───────────────┼──────────────────────────────────────────────────────────────┤
│ libssl1.1 │ CVE-2019-1543 │ HIGH │ │ 1.1.1b-r1 │ openssl: ChaCha20-Poly1305 with long nonces │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-1543 │
│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2020-1967 │ │ │ 1.1.1g-r0 │ openssl: Segmentation fault in SSL_check_chain causes denial │
│ │ │ │ │ │ of service │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2020-1967 │
│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2021-23840 │ │ │ 1.1.1j-r0 │ openssl: integer overflow in CipherUpdate │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-23840 │
│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2021-3450 │ │ │ 1.1.1k-r0 │ openssl: CA certificate check bypass with │
│ │ │ │ │ │ X509_V_FLAG_X509_STRICT │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3450 │
│ ├────────────────┼──────────┤ ├───────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2019-1547 │ MEDIUM │ │ 1.1.1d-r0 │ openssl: side-channel weak encryption vulnerability │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-1547 │
│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤
│ │ CVE-2019-1549 │ │ │ │ openssl: information disclosure in fork() │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-1549 │
│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2019-1551 │ │ │ 1.1.1d-r2 │ openssl: Integer overflow in RSAZ modular exponentiation on │
│ │ │ │ │ │ x86_64 │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-1551 │
│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2020-1971 │ │ │ 1.1.1i-r0 │ openssl: EDIPARTYNAME NULL pointer de-reference │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2020-1971 │
│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2021-23841 │ │ │ 1.1.1j-r0 │ openssl: NULL pointer dereference in │
│ │ │ │ │ │ X509_issuer_and_serial_hash() │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-23841 │
│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2021-3449 │ │ │ 1.1.1k-r0 │ openssl: NULL pointer dereference in signature_algorithms │
│ │ │ │ │ │ processing │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3449 │
│ ├────────────────┼──────────┤ ├───────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2019-1563 │ LOW │ │ 1.1.1d-r0 │ openssl: information disclosure in PKCS7_dataDecode and │
│ │ │ │ │ │ CMS_decrypt_set1_pkey │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-1563 │
│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2021-23839 │ │ │ 1.1.1j-r0 │ openssl: incorrect SSLv2 rollback protection │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-23839 │
├──────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ musl │ CVE-2019-14697 │ CRITICAL │ 1.1.20-r4 │ 1.1.20-r5 │ musl libc through 1.1.23 has an x87 floating-point stack │
│ │ │ │ │ │ adjustment im ...... │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-14697 │
│ ├────────────────┼──────────┤ ├───────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2020-28928 │ MEDIUM │ │ 1.1.20-r6 │ In musl libc through 1.2.1, wcsnrtombs mishandles particular │
│ │ │ │ │ │ combinati ... │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2020-28928 │
├──────────────┼────────────────┼──────────┤ ├───────────────┼──────────────────────────────────────────────────────────────┤
│ musl-utils │ CVE-2019-14697 │ CRITICAL │ │ 1.1.20-r5 │ musl libc through 1.1.23 has an x87 floating-point stack │
│ │ │ │ │ │ adjustment im ...... │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-14697 │
│ ├────────────────┼──────────┤ ├───────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2020-28928 │ MEDIUM │ │ 1.1.20-r6 │ In musl libc through 1.2.1, wcsnrtombs mishandles particular │
│ │ │ │ │ │ combinati ... │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2020-28928 │
├──────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ sqlite-libs │ CVE-2019-8457 │ CRITICAL │ 3.26.0-r3 │ 3.28.0-r0 │ sqlite: heap out-of-bound read in function rtreenode() │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-8457 │
│ ├────────────────┼──────────┤ ├───────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2019-19244 │ HIGH │ │ 3.28.0-r2 │ sqlite: allows a crash if a sub-select uses both DISTINCT │
│ │ │ │ │ │ and window... │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-19244 │
│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2019-5018 │ │ │ 3.28.0-r0 │ sqlite: Use-after-free in window function leading to remote │
│ │ │ │ │ │ code execution │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-5018 │
│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2020-11655 │ │ │ 3.28.0-r3 │ sqlite: malformed window-function query leads to DoS │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2020-11655 │
│ ├────────────────┼──────────┤ ├───────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2019-16168 │ MEDIUM │ │ 3.28.0-r1 │ sqlite: Division by zero in whereLoopAddBtreeIndex in │
│ │ │ │ │ │ sqlite3.c │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-16168 │
│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2019-19242 │ │ │ 3.28.0-r2 │ sqlite: SQL injection in sqlite3ExprCodeTarget in expr.c │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-19242 │
└──────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘
Python (python-pkg)
===================
Total: 2 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 1, CRITICAL: 0)
┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬─────────────────────────────────────────────────────────────┐
│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │
├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤
│ pip (METADATA) │ CVE-2019-20916 │ HIGH │ 19.0.3 │ 19.2 │ python-pip: directory traversal in _download_http_url() │
│ │ │ │ │ │ function in src/pip/_internal/download.py │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-20916 │
│ ├────────────────┼──────────┤ ├───────────────┼─────────────────────────────────────────────────────────────┤
│ │ CVE-2021-3572 │ MEDIUM │ │ 21.1 │ python-pip: Incorrect handling of unicode separators in git │
│ │ │ │ │ │ references │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3572 │
└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴─────────────────────────────────────────────────────────────┘
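The two WARN lines above are the part of this output that matters most: alpine 3.9.2 is past end of support, so the distribution ships no further fixes and the 37 + 2 findings are a lower bound, not an inventory. The table is for reading; for a CI gate, rerun with '--format json --output report.json' and evaluate the report. The script below is an added example, not part of this gist or of Trivy. It assumes Trivy's schema-version-2 JSON layout (Metadata.OS.EOSL, and Results[].Vulnerabilities[] records carrying VulnerabilityID, PkgName, InstalledVersion, FixedVersion and Severity; field names are an assumption about the format, not copied from this page) and embeds a constructed sample built from a subset of the rows in the table so that it runs offline.

```python
#!/usr/bin/env python3
"""Gate a build on a Trivy JSON report.

Added example, not code from this gist or from Trivy. Assumes the report came
from:  trivy image --format json --output report.json python:3.4-alpine
and follows Trivy's schema-version-2 layout (field names are an assumption):
  Metadata.OS.EOSL             -> base OS past end of support
  Results[].Vulnerabilities[]  -> VulnerabilityID, PkgName, InstalledVersion,
                                  FixedVersion, Severity
"""
import json
import sys
from collections import Counter

SEVERITIES = ("CRITICAL", "HIGH", "MEDIUM", "LOW", "UNKNOWN")


def vuln(vid, pkg, installed, fixed, sev):
    """Build one finding record in the assumed Trivy JSON shape."""
    return {"VulnerabilityID": vid, "PkgName": pkg, "InstalledVersion": installed,
            "FixedVersion": fixed, "Severity": sev}


# Constructed sample: a subset of the rows from the table above, arranged the
# way Trivy's JSON output is shaped. Not captured from a real run.
SAMPLE_REPORT = {
    "SchemaVersion": 2,
    "ArtifactName": "python:3.4-alpine",
    "ArtifactType": "container_image",
    "Metadata": {"OS": {"Family": "alpine", "Name": "3.9.2", "EOSL": True}},
    "Results": [
        {"Target": "python:3.4-alpine (alpine 3.9.2)", "Class": "os-pkgs",
         "Type": "alpine", "Vulnerabilities": [
             vuln("CVE-2018-20843", "expat", "2.2.6-r0", "2.2.7-r0", "HIGH"),
             vuln("CVE-2019-12900", "libbz2", "1.0.6-r6", "1.0.6-r7", "CRITICAL"),
             vuln("CVE-2019-14697", "musl", "1.1.20-r4", "1.1.20-r5", "CRITICAL"),
             vuln("CVE-2019-8457", "sqlite-libs", "3.26.0-r3", "3.28.0-r0", "CRITICAL"),
             vuln("CVE-2019-1563", "libcrypto1.1", "1.1.1a-r1", "1.1.1d-r0", "LOW"),
         ]},
        {"Target": "Python", "Class": "lang-pkgs", "Type": "python-pkg",
         "Vulnerabilities": [
             vuln("CVE-2019-20916", "pip", "19.0.3", "19.2", "HIGH"),
         ]},
    ],
}


def iter_vulns(report):
    """Yield (target, finding) for every finding in every result block.
    Clean targets omit 'Vulnerabilities' entirely, hence the `or []`."""
    for result in report.get("Results") or []:
        for v in result.get("Vulnerabilities") or []:
            yield result.get("Target", "?"), v


def summarize(report):
    """Per-severity counts: Trivy's 'Total:' line, summed across targets."""
    counts = Counter(v.get("Severity", "UNKNOWN") for _, v in iter_vulns(report))
    return {sev: counts.get(sev, 0) for sev in SEVERITIES}


def os_is_eosl(report):
    """True when the base OS is past end of support. This is the condition
    behind the 'no longer supported by the distribution' WARN above: no fixes
    are published, so the finding count is a lower bound, not a clean bill."""
    return bool(report.get("Metadata", {}).get("OS", {}).get("EOSL"))


def blocking_findings(report, fail_on=("CRITICAL", "HIGH")):
    """Findings at a gating severity that already have a FixedVersion.
    Unfixed ones stay visible in summarize() but do not block: there is
    nothing to upgrade to short of changing the base image."""
    return sorted(
        (v["VulnerabilityID"], v["PkgName"], v["InstalledVersion"], v["FixedVersion"])
        for _, v in iter_vulns(report)
        if v.get("Severity") in fail_on and v.get("FixedVersion")
    )


def should_fail(report, fail_on=("CRITICAL", "HIGH")):
    """Build gate: an EOSL base image fails outright; otherwise fail on any
    fixable finding at or above the configured severity."""
    return os_is_eosl(report) or bool(blocking_findings(report, fail_on))


def main(argv):
    if len(argv) > 1:
        with open(argv[1]) as fh:
            report = json.load(fh)
    else:
        report = SAMPLE_REPORT  # offline demo on the constructed sample
    print("Severity totals:", summarize(report))
    if os_is_eosl(report):
        os_meta = report.get("Metadata", {}).get("OS", {})
        print(f"FAIL: base OS {os_meta.get('Family')} {os_meta.get('Name')} is end-of-life")
    for vid, pkg, installed, fixed in blocking_findings(report):
        print(f"FAIL: {vid} {pkg} {installed} -> upgrade to {fixed}")
    return 1 if should_fail(report) else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as 'python3 trivy_gate.py report.json'; with no argument it evaluates the embedded sample and exits 1, because the base OS is EOSL and there are fixable CRITICAL findings. Two deliberate choices: unfixed findings are counted but do not block, since there is nothing to patch, and an EOSL base image blocks regardless of the count, because for an image like python:3.4-alpine the remedy is a supported base image rather than an 'apk upgrade' that has nothing new to install.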