2022-03-29 13:51:32 +00:00
|
|
|
<!DOCTYPE html>
|
|
|
|
<html>
|
|
|
|
<head>
|
|
|
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
|
|
|
|
<style>
|
|
|
|
* {
|
|
|
|
font-family: Arial, Helvetica, sans-serif;
|
|
|
|
}
|
|
|
|
h1 {
|
|
|
|
text-align: center;
|
|
|
|
}
|
|
|
|
.group-header th {
|
|
|
|
font-size: 200%;
|
|
|
|
}
|
|
|
|
.sub-header th {
|
|
|
|
font-size: 150%;
|
|
|
|
}
|
|
|
|
table, th, td {
|
|
|
|
border: 1px solid black;
|
|
|
|
border-collapse: collapse;
|
|
|
|
white-space: nowrap;
|
|
|
|
padding: .3em;
|
|
|
|
}
|
|
|
|
table {
|
|
|
|
margin: 0 auto;
|
|
|
|
}
|
|
|
|
.severity {
|
|
|
|
text-align: center;
|
|
|
|
font-weight: bold;
|
|
|
|
color: #fafafa;
|
|
|
|
}
|
|
|
|
.severity-LOW .severity { background-color: #5fbb31; }
|
|
|
|
.severity-MEDIUM .severity { background-color: #e9c600; }
|
|
|
|
.severity-HIGH .severity { background-color: #ff8800; }
|
|
|
|
.severity-CRITICAL .severity { background-color: #e40000; }
|
|
|
|
.severity-UNKNOWN .severity { background-color: #747474; }
|
|
|
|
.severity-LOW { background-color: #5fbb3160; }
|
|
|
|
.severity-MEDIUM { background-color: #e9c60060; }
|
|
|
|
.severity-HIGH { background-color: #ff880060; }
|
|
|
|
.severity-CRITICAL { background-color: #e4000060; }
|
|
|
|
.severity-UNKNOWN { background-color: #74747460; }
|
|
|
|
table tr td:first-of-type {
|
|
|
|
font-weight: bold;
|
|
|
|
}
|
|
|
|
.links a,
|
|
|
|
.links[data-more-links=on] a {
|
|
|
|
display: block;
|
|
|
|
}
|
|
|
|
.links[data-more-links=off] a:nth-of-type(1n+5) {
|
|
|
|
display: none;
|
|
|
|
}
|
|
|
|
a.toggle-more-links { cursor: pointer; }
|
|
|
|
</style>
|
2023-01-26 13:06:51 +00:00
|
|
|
<title>docker.io/rockylinux/rockylinux:8 (rocky 8.7) - Trivy Report - 2023-01-26 13:06:50.603432507 +0000 UTC m=+1.144268152 </title>
|
2022-03-29 13:51:32 +00:00
|
|
|
<script>
|
|
|
|
window.onload = function() {
|
|
|
|
document.querySelectorAll('td.links').forEach(function(linkCell) {
|
|
|
|
var links = [].concat.apply([], linkCell.querySelectorAll('a'));
|
|
|
|
[].sort.apply(links, function(a, b) {
|
|
|
|
return a.href > b.href ? 1 : -1;
|
|
|
|
});
|
|
|
|
links.forEach(function(link, idx) {
|
|
|
|
if (links.length > 3 && 3 === idx) {
|
|
|
|
var toggleLink = document.createElement('a');
|
|
|
|
toggleLink.innerText = "Toggle more links";
|
|
|
|
toggleLink.href = "#toggleMore";
|
|
|
|
toggleLink.setAttribute("class", "toggle-more-links");
|
|
|
|
linkCell.appendChild(toggleLink);
|
|
|
|
}
|
|
|
|
linkCell.appendChild(link);
|
|
|
|
});
|
|
|
|
});
|
|
|
|
document.querySelectorAll('a.toggle-more-links').forEach(function(toggleLink) {
|
|
|
|
toggleLink.onclick = function() {
|
|
|
|
var expanded = toggleLink.parentElement.getAttribute("data-more-links");
|
|
|
|
toggleLink.parentElement.setAttribute("data-more-links", "on" === expanded ? "off" : "on");
|
|
|
|
return false;
|
|
|
|
};
|
|
|
|
});
|
|
|
|
};
|
|
|
|
</script>
|
|
|
|
</head>
|
|
|
|
<body>
|
2023-01-26 13:06:51 +00:00
|
|
|
<h1>docker.io/rockylinux/rockylinux:8 (rocky 8.7) - Trivy Report - 2023-01-26 13:06:50.603456907 +0000 UTC m=+1.144292452</h1>
|
2022-03-29 13:51:32 +00:00
|
|
|
<table>
|
|
|
|
<tr class="group-header"><th colspan="6">rocky</th></tr>
|
2022-12-20 13:05:49 +00:00
|
|
|
<tr><th colspan="6">No Vulnerabilities found</th></tr>
|
2022-03-29 13:51:32 +00:00
|
|
|
<tr><th colspan="6">No Misconfigurations found</th></tr>
|
2022-12-28 13:04:35 +00:00
|
|
|
<tr class="group-header"><th colspan="6">python-pkg</th></tr>
|
|
|
|
<tr class="sub-header">
|
|
|
|
<th>Package</th>
|
|
|
|
<th>Vulnerability ID</th>
|
|
|
|
<th>Severity</th>
|
|
|
|
<th>Installed Version</th>
|
|
|
|
<th>Fixed Version</th>
|
|
|
|
<th>Links</th>
|
|
|
|
</tr>
|
|
|
|
<tr class="severity-HIGH">
|
|
|
|
<td class="pkg-name">setuptools</td>
|
|
|
|
<td>CVE-2022-40897</td>
|
|
|
|
<td class="severity">HIGH</td>
|
|
|
|
<td class="pkg-version">39.2.0</td>
|
|
|
|
<td>65.5.1</td>
|
|
|
|
<td class="links" data-more-links="off">
|
2023-01-06 13:05:40 +00:00
|
|
|
<a href="https://access.redhat.com/security/cve/CVE-2022-40897">https://access.redhat.com/security/cve/CVE-2022-40897</a>
|
2023-01-20 13:06:06 +00:00
|
|
|
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40897">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40897</a>
|
2022-12-28 13:04:35 +00:00
|
|
|
<a href="https://github.com/advisories/GHSA-r9hx-vwmv-q579">https://github.com/advisories/GHSA-r9hx-vwmv-q579</a>
|
|
|
|
<a href="https://github.com/pypa/setuptools/blob/fe8a98e696241487ba6ac9f91faa38ade939ec5d/setuptools/package_index.py#L200">https://github.com/pypa/setuptools/blob/fe8a98e696241487ba6ac9f91faa38ade939ec5d/setuptools/package_index.py#L200</a>
|
|
|
|
<a href="https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be">https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be</a>
|
|
|
|
<a href="https://github.com/pypa/setuptools/compare/v65.5.0...v65.5.1">https://github.com/pypa/setuptools/compare/v65.5.0...v65.5.1</a>
|
|
|
|
<a href="https://github.com/pypa/setuptools/issues/3659">https://github.com/pypa/setuptools/issues/3659</a>
|
|
|
|
<a href="https://nvd.nist.gov/vuln/detail/CVE-2022-40897">https://nvd.nist.gov/vuln/detail/CVE-2022-40897</a>
|
|
|
|
<a href="https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages/">https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages/</a>
|
|
|
|
<a href="https://pyup.io/vulnerabilities/CVE-2022-40897/52495/">https://pyup.io/vulnerabilities/CVE-2022-40897/52495/</a>
|
|
|
|
<a href="https://setuptools.pypa.io/en/latest/">https://setuptools.pypa.io/en/latest/</a>
|
2023-01-24 13:05:49 +00:00
|
|
|
<a href="https://ubuntu.com/security/notices/USN-5817-1">https://ubuntu.com/security/notices/USN-5817-1</a>
|
2022-12-28 13:04:35 +00:00
|
|
|
</td>
|
|
|
|
</tr>
|
|
|
|
<tr><th colspan="6">No Misconfigurations found</th></tr>
|
2022-03-29 13:51:32 +00:00
|
|
|
</table>
|
|
|
|
</body>
|
|
|
|
</html>
|