{
"Results": [
{
"Target": "library/node:16-alpine",
"Vulnerabilities": [
{
"VulnerabilityID": "CVE-2023-4586",
"Severity": "CRITICAL",
"Title": "node-fetch: SSRF via insufficiently validated URLs",
"Description": "A server-side request forgery (SSRF) vulnerability exists in node-fetch due to insufficient validation of URLs.",
"PkgName": "node-fetch",
"InstalledVersion": "2.6.7",
"FixedVersion": "2.6.9"
}
]
},
{
"Target": "app/requirements.txt",
"Vulnerabilities": [
{
"VulnerabilityID": "CVE-2022-40897",
"Severity": "HIGH",
"Title": "setuptools: Regular Expression Denial of Service (ReDoS) in package_index.py",
"Description": "An issue in Python setuptools allows a remote attacker to cause a denial of service via a crafted package.",
"PkgName": "setuptools",
"InstalledVersion": "65.5.1",
"FixedVersion": "65.5.2"
}
]
},
{
"Target": "Dockerfile",
"Vulnerabilities": [
{
"VulnerabilityID": "CVE-2023-44487",
"Severity": "HIGH",
"Title": "HTTP/2 Rapid Reset Attack (Multiple CVEs)",
"Description": "Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack).",
"PkgName": "golang.org/x/net",
"InstalledVersion": "0.17.0",
"FixedVersion": "0.17.1"
}
]
},
{
"Target": "app/package-lock.json",
"Vulnerabilities": [
{
"VulnerabilityID": "CVE-2021-3807",
"Severity": "MEDIUM",
"Title": "ansi-regex: Inefficient Regular Expression Complexity",
"Description": "ansi-regex is vulnerable to Inefficient Regular Expression Complexity.",
"PkgName": "ansi-regex",
"InstalledVersion": "5.0.0",
"FixedVersion": "5.0.1"
}
]
}
]
}