sig-cloud-instance-images/trivy-results.sarif

{
  "version": "2.1.0",
  "$schema": "https://json.schemastore.org/sarif-2.1.0-rtm.5.json",
  "runs": [
    {
      "tool": {
        "driver": {
          "fullName": "Trivy Vulnerability Scanner",
          "informationUri": "https://github.com/aquasecurity/trivy",
          "name": "Trivy",
          "rules": [
            {
              "id": "CVE-2022-40897",
              "name": "LanguageSpecificPackageVulnerability",
              "shortDescription": {
                "text": "pypa-setuptools: Regular Expression Denial of Service (ReDoS) in package_index.py"
              },
              "fullDescription": {
                "text": "Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py."
              },
              "defaultConfiguration": {
                "level": "error"
              },
              "helpUri": "https://avd.aquasec.com/nvd/cve-2022-40897",
              "help": {
                "text": "Vulnerability CVE-2022-40897\nSeverity: HIGH\nPackage: setuptools\nFixed Version: 65.5.1\nLink: [CVE-2022-40897](https://avd.aquasec.com/nvd/cve-2022-40897)\nPython Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py.",
                "markdown": "**Vulnerability CVE-2022-40897**\n| Severity | Package | Fixed Version | Link |\n| --- | --- | --- | --- |\n|HIGH|setuptools|65.5.1|[CVE-2022-40897](https://avd.aquasec.com/nvd/cve-2022-40897)|\n\nPython Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py."
              },
              "properties": {
                "precision": "very-high",
                "security-severity": "7.5",
                "tags": [
                  "vulnerability",
                  "security",
                  "HIGH"
                ]
              }
            }
          ],
          "version": "0.34.0"
        }
      },
      "results": [
        {
          "ruleId": "CVE-2022-40897",
          "ruleIndex": 0,
          "level": "error",
          "message": {
            "text": "Package: setuptools\nInstalled Version: 39.2.0\nVulnerability CVE-2022-40897\nSeverity: HIGH\nFixed Version: 65.5.1\nLink: [CVE-2022-40897](https://avd.aquasec.com/nvd/cve-2022-40897)"
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "usr/lib/python3.6/site-packages/setuptools-39.2.0.dist-info/METADATA",
                  "uriBaseId": "ROOTPATH"
                },
                "region": {
                  "startLine": 1,
                  "startColumn": 1,
                  "endLine": 1,
                  "endColumn": 1
                }
              },
              "message": {
                "text": "usr/lib/python3.6/site-packages/setuptools-39.2.0.dist-info/METADATA: setuptools@39.2.0"
              }
            }
          ]
        }
      ],
      "columnKind": "utf16CodeUnits",
      "originalUriBaseIds": {
        "ROOTPATH": {
          "uri": "file:///"
        }
      }
    }
  ]
}
deploy: afb437eb90a0801e1642c43add3a73b566ca1c98 2022-03-29 13:51:32 +00:00			`{`
			`"version": "2.1.0",`
			`"$schema": "https://json.schemastore.org/sarif-2.1.0-rtm.5.json",`
			`"runs": [`
			`{`
			`"tool": {`
			`"driver": {`
			`"fullName": "Trivy Vulnerability Scanner",`
			`"informationUri": "https://github.com/aquasecurity/trivy",`
			`"name": "Trivy",`
deploy: 8ccce7fd31973e438889a894e0b29e70f8459500 2022-12-28 13:04:35 +00:00			`"rules": [`
			`{`
			`"id": "CVE-2022-40897",`
			`"name": "LanguageSpecificPackageVulnerability",`
			`"shortDescription": {`
deploy: 8ccce7fd31973e438889a894e0b29e70f8459500 2023-01-06 13:05:40 +00:00			`"text": "pypa-setuptools: Regular Expression Denial of Service (ReDoS) in package_index.py"`
deploy: 8ccce7fd31973e438889a894e0b29e70f8459500 2022-12-28 13:04:35 +00:00			`},`
			`"fullDescription": {`
			`"text": "Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py."`
			`},`
			`"defaultConfiguration": {`
			`"level": "error"`
			`},`
			`"helpUri": "https://avd.aquasec.com/nvd/cve-2022-40897",`
			`"help": {`
			`"text": "Vulnerability CVE-2022-40897\nSeverity: HIGH\nPackage: setuptools\nFixed Version: 65.5.1\nLink: [CVE-2022-40897](https://avd.aquasec.com/nvd/cve-2022-40897)\nPython Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py.",`
			`"markdown": "Vulnerability CVE-2022-40897\n\| Severity \| Package \| Fixed Version \| Link \|\n\| --- \| --- \| --- \| --- \|\n\|HIGH\|setuptools\|65.5.1\|[CVE-2022-40897](https://avd.aquasec.com/nvd/cve-2022-40897)\|\n\nPython Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py."`
			`},`
			`"properties": {`
			`"precision": "very-high",`
			`"security-severity": "7.5",`
			`"tags": [`
			`"vulnerability",`
			`"security",`
			`"HIGH"`
			`]`
			`}`
			`}`
			`],`
deploy: 4fcb0f39f5d145b2640ea501c1a7e1c8686bd82c 2022-11-01 13:18:17 +00:00			`"version": "0.34.0"`
deploy: afb437eb90a0801e1642c43add3a73b566ca1c98 2022-03-29 13:51:32 +00:00			`}`
			`},`
deploy: 8ccce7fd31973e438889a894e0b29e70f8459500 2022-12-28 13:04:35 +00:00			`"results": [`
			`{`
			`"ruleId": "CVE-2022-40897",`
			`"ruleIndex": 0,`
			`"level": "error",`
			`"message": {`
			`"text": "Package: setuptools\nInstalled Version: 39.2.0\nVulnerability CVE-2022-40897\nSeverity: HIGH\nFixed Version: 65.5.1\nLink: [CVE-2022-40897](https://avd.aquasec.com/nvd/cve-2022-40897)"`
			`},`
			`"locations": [`
			`{`
			`"physicalLocation": {`
			`"artifactLocation": {`
			`"uri": "usr/lib/python3.6/site-packages/setuptools-39.2.0.dist-info/METADATA",`
			`"uriBaseId": "ROOTPATH"`
			`},`
			`"region": {`
			`"startLine": 1,`
			`"startColumn": 1,`
			`"endLine": 1,`
			`"endColumn": 1`
			`}`
			`},`
			`"message": {`
			`"text": "usr/lib/python3.6/site-packages/setuptools-39.2.0.dist-info/METADATA: setuptools@39.2.0"`
			`}`
			`}`
			`]`
			`}`
			`],`
deploy: afb437eb90a0801e1642c43add3a73b566ca1c98 2022-03-29 13:51:32 +00:00			`"columnKind": "utf16CodeUnits",`
			`"originalUriBaseIds": {`
			`"ROOTPATH": {`
			`"uri": "file:///"`
			`}`
			`}`
			`}`
			`]`
			`}`