Created
June 14, 2019 03:49
-
-
Save pascalandy/e313e094036f329482cc53ede6669c9c to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ➜ ./runscan.sh | |
| 2019-06-14T03:39:29.076Z INFO Updating vulnerability database... | |
| 2019-06-14T03:39:55.413Z INFO Detecting Alpine vulnerabilities... | |
| 2019-06-14T03:39:55.430Z INFO Updating bundler Security DB... | |
| 2019-06-14T03:39:57.486Z INFO Detecting bundler vulnerabilities... | |
| 2019-06-14T03:39:57.486Z INFO Updating yarn Security DB... | |
| 2019-06-14T03:39:59.243Z INFO Detecting yarn vulnerabilities... | |
| 2019-06-14T03:39:59.244Z INFO Updating yarn Security DB... | |
| 2019-06-14T03:40:01.103Z INFO Detecting yarn vulnerabilities... | |
| devmtl/ghostfire:2.23.4-0254867 (alpine 3.9.4) | |
| ============================================== | |
| Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) | |
| var/lib/ghost/versions/2.23.4/node_modules/aws-sdk/Gemfile.lock | |
| =============================================================== | |
| Total: 14 (UNKNOWN: 1, LOW: 0, MEDIUM: 10, HIGH: 2, CRITICAL: 1) | |
| +----------+------------------+----------+-------------------+--------------------------+--------------------------------+ | |
| | LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | | |
| +----------+------------------+----------+-------------------+--------------------------+--------------------------------+ | |
| | nokogiri | CVE-2016-4658 | CRITICAL | 1.6.1 | >= 1.7.1 | libxml2: Use after free via | | |
| | | | | | | namespace node in XPointer | | |
| | | | | | | ranges | | |
| + +------------------+----------+ +--------------------------+--------------------------------+ | |
| | | CVE-2015-5312 | HIGH | | >= 1.6.7.1 | libxml2: CPU exhaustion when | | |
| | | | | | | processing specially crafted | | |
| | | | | | | XML input | | |
| + +------------------+ + +--------------------------+--------------------------------+ | |
| | | CVE-2019-11068 | | | >= 1.10.3 | libxslt: xsltCheckRead and | | |
| | | | | | | xsltCheckWrite routines | | |
| | | | | | | security bypass by crafted URL | | |
| + +------------------+----------+ +--------------------------+--------------------------------+ | |
| | | CVE-2015-1819 | MEDIUM | | ~> 1.6.6.4, >= 1.6.7.rc4 | libxml2: denial of service | | |
| | | | | | | processing a crafted XML | | |
| | | | | | | document | | |
| + +------------------+ + +--------------------------+--------------------------------+ | |
| | | CVE-2015-8806 | | | >= 1.6.8 | libxml2: heap-buffer overread | | |
| | | | | | | in dict.c | | |
| + +------------------+ + +--------------------------+--------------------------------+ | |
| | | CVE-2017-15412 | | | >= 1.8.2 | chromium-browser: use after | | |
| | | | | | | free in libxml | | |
| + +------------------+ + +--------------------------+--------------------------------+ | |
| | | CVE-2017-16932 | | | >= 1.8.1 | libxml2: Infinite recursion in | | |
| | | | | | | parameter entities | | |
| + +------------------+ + +--------------------------+--------------------------------+ | |
| | | CVE-2017-5029 | | | >= 1.7.2 | chromium-browser: integer | | |
| | | | | | | overflow in libxslt | | |
| + +------------------+ + +--------------------------+--------------------------------+ | |
| | | CVE-2017-9050 | | | >= 1.8.1 | libxml2: Heap-based buffer | | |
| | | | | | | over-read in function | | |
| | | | | | | xmlDictAddString | | |
| + +------------------+ + +--------------------------+--------------------------------+ | |
| | | CVE-2018-14404 | | | >= 1.8.5 | libxml2: NULL pointer | | |
| | | | | | | dereference in | | |
| | | | | | | xpath.c:xmlXPathCompOpEval() | | |
| | | | | | | can allow attackers to cause | | |
| | | | | | | a... | | |
| + +------------------+ + +--------------------------+--------------------------------+ | |
| | | CVE-2018-8048 | | | >= 1.8.3 | rubygem-loofah: XSS | | |
| | | | | | | vulnerability due to unescaped | | |
| | | | | | | comments within attributes by | | |
| | | | | | | libxml2 | | |
| + +------------------+ + +--------------------------+--------------------------------+ | |
| | | CVE-2015-7499 | | | >= 1.6.7.2 | libxml2: Heap-based buffer | | |
| | | | | | | overflow in xmlGROW | | |
| + +------------------+----------+ +--------------------------+--------------------------------+ | |
| | | OSVDB-118481 | UNKNOWN | | >= 1.6.3 | Nokogiri Gem for JRuby XML | | |
| | | | | | | Document Root Element Handling | | |
| | | | | | | Memory Consumption Remote DoS | | |
| | | | | | | ... | | |
| +----------+------------------+----------+-------------------+--------------------------+--------------------------------+ | |
| | yard | CVE-2017-17042 | MEDIUM | 0.8.7.3 | >= 0.9.11 | rubygem-yard: | | |
| | | | | | | (lib/yard/core_ext/file.rb) | | |
| | | | | | | is vulnerable to directory | | |
| | | | | | | traversal attacks | | |
| +----------+------------------+----------+-------------------+--------------------------+--------------------------------+ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment