Last active
May 8, 2024 12:19
-
-
Save cdupuis/04874ce37eff4105dbcd1b7d2b9e2166 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "version": "15.0.6", | |
| "vulnerabilities": [ | |
| { | |
| "id": "b8b00cd988d5f008916a3ca2bd8c42cbf50fe654f281b3d3bbaddf424015a58e", | |
| "category": "container_scanning", | |
| "message": "CVE-2024-24788 on stdlib@1.22.2", | |
| "description": "A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop.", | |
| "cve": "CVE-2024-24788", | |
| "severity": "Unknown", | |
| "confidence": "Unknown", | |
| "solution": "Upgrade stdlib@1.22.2 to 1.22.3", | |
| "scanner": { | |
| "id": "docker-scout", | |
| "name": "Docker Scout" | |
| }, | |
| "location": { | |
| "dependency": { | |
| "package": { | |
| "name": "pkg:golang/stdlib@1.22.2" | |
| }, | |
| "version": "1.22.2" | |
| }, | |
| "operating_system": "unknown", | |
| "image": "docker/scout-cli:1a74938" | |
| }, | |
| "identifiers": [ | |
| { | |
| "type": "cve", | |
| "name": "CVE-2024-24788", | |
| "value": "CVE-2024-24788", | |
| "url": "https://scout.docker.com/v/CVE-2024-24788?s=golang&n=stdlib&t=golang&vr=%3E%3D1.22.0-0%2C%3C1.22.3" | |
| } | |
| ], | |
| "links": [ | |
| { | |
| "url": "https://scout.docker.com/v/CVE-2024-24788?s=golang&n=stdlib&t=golang&vr=%3E%3D1.22.0-0%2C%3C1.22.3" | |
| } | |
| ] | |
| }, | |
| { | |
| "id": "7ac1ae3e138144e92b48a74430192d42bedd75dbc66fb1c7215a4cb60444c1ce", | |
| "category": "container_scanning", | |
| "message": "CVE-2020-8912 on github.com/aws/aws-sdk-go@1.44.288", | |
| "description": "The Go AWS S3 Crypto SDK contains vulnerabilities that can permit an attacker with write access to a bucket to decrypt files in that bucket.\n\nFiles encrypted by the V1 EncryptionClient using either the AES-CBC content cipher or the KMS key wrap algorithm are vulnerable. Users should migrate to the V1 EncryptionClientV2 API, which will not create vulnerable files. Old files will remain vulnerable until re-encrypted with the new client.\n\n**VEX**\n\nhttps://scout.docker.com/public/vex-494c043465bc1cd50985521d9e606d19d8de4bbae76519c12b0b3750b6cbcb97\nnot affected [vulnerable code not in execute path]\nManually verified by govulncheck\ncd@docker.com", | |
| "cve": "CVE-2020-8912", | |
| "severity": "Low", | |
| "confidence": "Unknown", | |
| "scanner": { | |
| "id": "docker-scout", | |
| "name": "Docker Scout" | |
| }, | |
| "location": { | |
| "dependency": { | |
| "package": { | |
| "name": "pkg:golang/github.com/aws/aws-sdk-go@1.44.288" | |
| }, | |
| "version": "1.44.288" | |
| }, | |
| "operating_system": "unknown", | |
| "image": "docker/scout-cli:1a74938" | |
| }, | |
| "identifiers": [ | |
| { | |
| "type": "cve", | |
| "name": "CVE-2020-8912", | |
| "value": "CVE-2020-8912", | |
| "url": "https://scout.docker.com/v/CVE-2020-8912?s=golang&n=aws-sdk-go&ns=github.com%2Faws&t=golang&vr=%3E%3D0" | |
| } | |
| ], | |
| "links": [ | |
| { | |
| "url": "https://scout.docker.com/v/CVE-2020-8912?s=golang&n=aws-sdk-go&ns=github.com%2Faws&t=golang&vr=%3E%3D0" | |
| } | |
| ], | |
| "flags": [ | |
| { | |
| "type": "flagged-as-likely-false-positive", | |
| "origin": "Docker Scout", | |
| "description": "https://scout.docker.com/public/vex-494c043465bc1cd50985521d9e606d19d8de4bbae76519c12b0b3750b6cbcb97\nnot affected [vulnerable code not in execute path]\nManually verified by govulncheck\ncd@docker.com" | |
| } | |
| ] | |
| }, | |
| { | |
| "id": "4dd7109d31e3d5476c4f2baf2dcfb12b373740db4eed99b75d3cea382e225ab9", | |
| "category": "container_scanning", | |
| "message": "CVE-2020-8911 on github.com/aws/aws-sdk-go@1.44.288", | |
| "description": "The Go AWS S3 Crypto SDK contains vulnerabilities that can permit an attacker with write access to a bucket to decrypt files in that bucket.\n\nFiles encrypted by the V1 EncryptionClient using either the AES-CBC content cipher or the KMS key wrap algorithm are vulnerable. Users should migrate to the V1 EncryptionClientV2 API, which will not create vulnerable files. Old files will remain vulnerable until re-encrypted with the new client.\n\n**VEX**\n\nhttps://scout.docker.com/public/vex-494c043465bc1cd50985521d9e606d19d8de4bbae76519c12b0b3750b6cbcb97\nnot affected [vulnerable code not in execute path]\nManually verified by govulncheck\ncd@docker.com", | |
| "cve": "CVE-2020-8911", | |
| "severity": "Medium", | |
| "confidence": "Unknown", | |
| "scanner": { | |
| "id": "docker-scout", | |
| "name": "Docker Scout" | |
| }, | |
| "location": { | |
| "dependency": { | |
| "package": { | |
| "name": "pkg:golang/github.com/aws/aws-sdk-go@1.44.288" | |
| }, | |
| "version": "1.44.288" | |
| }, | |
| "operating_system": "unknown", | |
| "image": "docker/scout-cli:1a74938" | |
| }, | |
| "identifiers": [ | |
| { | |
| "type": "cve", | |
| "name": "CVE-2020-8911", | |
| "value": "CVE-2020-8911", | |
| "url": "https://scout.docker.com/v/CVE-2020-8911?s=golang&n=aws-sdk-go&ns=github.com%2Faws&t=golang&vr=%3E%3D0" | |
| } | |
| ], | |
| "links": [ | |
| { | |
| "url": "https://scout.docker.com/v/CVE-2020-8911?s=golang&n=aws-sdk-go&ns=github.com%2Faws&t=golang&vr=%3E%3D0" | |
| } | |
| ], | |
| "flags": [ | |
| { | |
| "type": "flagged-as-likely-false-positive", | |
| "origin": "Docker Scout", | |
| "description": "https://scout.docker.com/public/vex-494c043465bc1cd50985521d9e606d19d8de4bbae76519c12b0b3750b6cbcb97\nnot affected [vulnerable code not in execute path]\nManually verified by govulncheck\ncd@docker.com" | |
| } | |
| ] | |
| }, | |
| { | |
| "id": "4fc6ce5875b45996057f9cb0688ee97363a4c1f01ad27d8091f92d510545a1b5", | |
| "category": "container_scanning", | |
| "message": "CVE-2024-0406 on github.com/mholt/archiver@3.5.1", | |
| "description": "A flaw was discovered in the mholt/archiver package. This flaw allows an attacker to create a specially crafted tar file, which, when unpacked, may allow access to restricted files or directories. This issue can allow the creation or overwriting of files with the user's or application's privileges using the library.\n\n**VEX**\n\nhttps://scout.docker.com/public/vex-494c043465bc1cd50985521d9e606d19d8de4bbae76519c12b0b3750b6cbcb97\nnot affected [vulnerable code not in execute path]\nManually verified by govulncheck\ncd@docker.com", | |
| "cve": "CVE-2024-0406", | |
| "severity": "Medium", | |
| "confidence": "Unknown", | |
| "scanner": { | |
| "id": "docker-scout", | |
| "name": "Docker Scout" | |
| }, | |
| "location": { | |
| "dependency": { | |
| "package": { | |
| "name": "pkg:golang/github.com/mholt/archiver@3.5.1#v3" | |
| }, | |
| "version": "3.5.1" | |
| }, | |
| "operating_system": "unknown", | |
| "image": "docker/scout-cli:1a74938" | |
| }, | |
| "identifiers": [ | |
| { | |
| "type": "cve", | |
| "name": "CVE-2024-0406", | |
| "value": "CVE-2024-0406", | |
| "url": "https://scout.docker.com/v/CVE-2024-0406?s=github&n=v3&ns=github.com%2Fmholt%2Farchiver&t=golang&vr=%3E%3D3.0.0%2C%3C%3D3.5.1" | |
| } | |
| ], | |
| "links": [ | |
| { | |
| "url": "https://scout.docker.com/v/CVE-2024-0406?s=github&n=v3&ns=github.com%2Fmholt%2Farchiver&t=golang&vr=%3E%3D3.0.0%2C%3C%3D3.5.1" | |
| } | |
| ], | |
| "flags": [ | |
| { | |
| "type": "flagged-as-likely-false-positive", | |
| "origin": "Docker Scout", | |
| "description": "https://scout.docker.com/public/vex-494c043465bc1cd50985521d9e606d19d8de4bbae76519c12b0b3750b6cbcb97\nnot affected [vulnerable code not in execute path]\nManually verified by govulncheck\ncd@docker.com" | |
| } | |
| ] | |
| } | |
| ], | |
| "remediations": [], | |
| "scan": { | |
| "start_time": "2024-05-08T14:18:41", | |
| "end_time": "2024-05-08T14:18:41", | |
| "status": "success", | |
| "type": "container_scanning", | |
| "scanner": { | |
| "id": "docker-scout", | |
| "name": "Docker Scout", | |
| "version": "1.8.0-11-g19ce70f", | |
| "vendor": { | |
| "name": "Docker" | |
| } | |
| }, | |
| "analyzer": { | |
| "id": "docker-scout", | |
| "name": "Docker Scout", | |
| "version": "1.8.0-11-g19ce70f", | |
| "vendor": { | |
| "name": "Docker" | |
| } | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment