This commit is contained in:
NeilHanlon 2023-01-06 13:05:40 +00:00
parent 4a2d300d42
commit 8c93ba5559
2 changed files with 4 additions and 3 deletions

View File

@ -51,7 +51,7 @@
}
a.toggle-more-links { cursor: pointer; }
</style>
<title>docker.io/rockylinux/rockylinux:8 (rocky 8.7) - Trivy Report - 2023-01-04 13:05:58.983808723 +0000 UTC m=+1.065410995 </title>
<title>docker.io/rockylinux/rockylinux:8 (rocky 8.7) - Trivy Report - 2023-01-06 13:05:39.249913015 +0000 UTC m=+1.190615677 </title>
<script>
window.onload = function() {
document.querySelectorAll('td.links').forEach(function(linkCell) {
@ -81,7 +81,7 @@
</script>
</head>
<body>
<h1>docker.io/rockylinux/rockylinux:8 (rocky 8.7) - Trivy Report - 2023-01-04 13:05:58.983832523 +0000 UTC m=+1.065434895</h1>
<h1>docker.io/rockylinux/rockylinux:8 (rocky 8.7) - Trivy Report - 2023-01-06 13:05:39.249936814 +0000 UTC m=+1.190639576</h1>
<table>
<tr class="group-header"><th colspan="6">rocky</th></tr>
<tr><th colspan="6">No Vulnerabilities found</th></tr>
@ -102,6 +102,7 @@
<td class="pkg-version">39.2.0</td>
<td>65.5.1</td>
<td class="links" data-more-links="off">
<a href="https://access.redhat.com/security/cve/CVE-2022-40897">https://access.redhat.com/security/cve/CVE-2022-40897</a>
<a href="https://github.com/advisories/GHSA-r9hx-vwmv-q579">https://github.com/advisories/GHSA-r9hx-vwmv-q579</a>
<a href="https://github.com/pypa/setuptools/blob/fe8a98e696241487ba6ac9f91faa38ade939ec5d/setuptools/package_index.py#L200">https://github.com/pypa/setuptools/blob/fe8a98e696241487ba6ac9f91faa38ade939ec5d/setuptools/package_index.py#L200</a>
<a href="https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be">https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be</a>

View File

@ -13,7 +13,7 @@
"id": "CVE-2022-40897",
"name": "LanguageSpecificPackageVulnerability",
"shortDescription": {
"text": "CVE-2022-40897 affecting package python-setuptools 40.2.0-6"
"text": "pypa-setuptools: Regular Expression Denial of Service (ReDoS) in package_index.py"
},
"fullDescription": {
"text": "Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py."