You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
105 lines
4.0 KiB
Plaintext
105 lines
4.0 KiB
Plaintext
{
|
|
"SchemaVersion": 2,
|
|
"ArtifactName": "alpine:3.10",
|
|
"ArtifactType": "container_image",
|
|
"Metadata": {
|
|
"OS": {
|
|
"Family": "alpine",
|
|
"Name": "3.10.9",
|
|
"EOSL": true
|
|
},
|
|
"ImageID": "sha256:e7b300aee9f9bf3433d32bc9305bfdd22183beb59d933b48d77ab56ba53a197a",
|
|
"DiffIDs": [
|
|
"sha256:9fb3aa2f8b8023a4bebbf92aa567caf88e38e969ada9f0ac12643b2847391635"
|
|
],
|
|
"RepoTags": [
|
|
"alpine:3.10"
|
|
],
|
|
"RepoDigests": [
|
|
"alpine@sha256:451eee8bedcb2f029756dc3e9d73bab0e7943c1ac55cff3a4861c52a0fdd3e98"
|
|
],
|
|
"ImageConfig": {
|
|
"architecture": "amd64",
|
|
"container": "fdb7e80e3339e8d0599282e606c907aa5881ee4c668a68136119e6dfac6ce3a4",
|
|
"created": "2021-04-14T19:20:05.338397761Z",
|
|
"docker_version": "19.03.12",
|
|
"history": [
|
|
{
|
|
"created": "2021-04-14T19:20:04.987219124Z",
|
|
"created_by": "/bin/sh -c #(nop) ADD file:c5377eaa926bf412dd8d4a08b0a1f2399cfd708743533b0aa03b53d14cb4bb4e in / "
|
|
},
|
|
{
|
|
"created": "2021-04-14T19:20:05.338397761Z",
|
|
"created_by": "/bin/sh -c #(nop) CMD [\"/bin/sh\"]",
|
|
"empty_layer": true
|
|
}
|
|
],
|
|
"os": "linux",
|
|
"rootfs": {
|
|
"type": "layers",
|
|
"diff_ids": [
|
|
"sha256:9fb3aa2f8b8023a4bebbf92aa567caf88e38e969ada9f0ac12643b2847391635"
|
|
]
|
|
},
|
|
"config": {
|
|
"Cmd": [
|
|
"/bin/sh"
|
|
],
|
|
"Env": [
|
|
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
|
],
|
|
"Image": "sha256:eb2080c455e94c22ae35b3aef9e078c492a00795412e026e4d6b41ef64bc7dd8"
|
|
}
|
|
}
|
|
},
|
|
"Results": [
|
|
{
|
|
"Target": "alpine:3.10 (alpine 3.10.9)",
|
|
"Class": "os-pkgs",
|
|
"Type": "alpine",
|
|
"Vulnerabilities": [
|
|
{
|
|
"VulnerabilityID": "CVE-2021-36159",
|
|
"PkgName": "apk-tools",
|
|
"InstalledVersion": "2.10.6-r0",
|
|
"FixedVersion": "2.10.7-r0",
|
|
"Layer": {
|
|
"Digest": "sha256:396c31837116ac290458afcb928f68b6cc1c7bdd6963fc72f52f365a2a89c1b5",
|
|
"DiffID": "sha256:9fb3aa2f8b8023a4bebbf92aa567caf88e38e969ada9f0ac12643b2847391635"
|
|
},
|
|
"SeveritySource": "nvd",
|
|
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-36159",
|
|
"DataSource": {
|
|
"ID": "alpine",
|
|
"Name": "Alpine Secdb",
|
|
"URL": "https://secdb.alpinelinux.org/"
|
|
},
|
|
"Description": "libfetch before 2021-07-26, as used in apk-tools, xbps, and other products, mishandles numeric strings for the FTP and HTTP protocols. The FTP passive mode implementation allows an out-of-bounds read because strtol is used to parse the relevant numbers into address bytes. It does not check if the line ends prematurely. If it does, the for-loop condition checks for the '\\0' terminator one byte too late.",
|
|
"Severity": "CRITICAL",
|
|
"CweIDs": [
|
|
"CWE-125"
|
|
],
|
|
"CVSS": {
|
|
"nvd": {
|
|
"V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
|
|
"V2Score": 6.4,
|
|
"V3Score": 9.1
|
|
}
|
|
},
|
|
"References": [
|
|
"https://github.com/freebsd/freebsd-src/commits/main/lib/libfetch",
|
|
"https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10749",
|
|
"https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E",
|
|
"https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E",
|
|
"https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E",
|
|
"https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E"
|
|
],
|
|
"PublishedDate": "2021-08-03T14:15:00Z",
|
|
"LastModifiedDate": "2021-10-18T12:19:00Z"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|