mirror of
https://github.com/rocky-linux/sig-cloud-instance-images.git
deploy: 8ccce7fd31
parent
ab315af9b0
commit
cc643510c7
35
index.html
35
index.html
@ -51,7 +51,7 @@
|
|||||||
}
|
}
|
||||||
a.toggle-more-links { cursor: pointer; }
|
a.toggle-more-links { cursor: pointer; }
|
||||||
</style>
|
</style>
|
||||||
<title>docker.io/rockylinux/rockylinux:8 (rocky 8.7) - Trivy Report - 2023-02-01 13:06:16.593126051 +0000 UTC m=+1.398537792 </title>
|
<title>docker.io/rockylinux/rockylinux:8 (rocky 8.7) - Trivy Report - 2023-02-02 13:06:21.484997751 +0000 UTC m=+1.104527583 </title>
|
||||||
<script>
|
<script>
|
||||||
window.onload = function() {
|
window.onload = function() {
|
||||||
document.querySelectorAll('td.links').forEach(function(linkCell) {
|
document.querySelectorAll('td.links').forEach(function(linkCell) {
|
||||||
@ -81,42 +81,11 @@
|
|||||||
</script>
|
</script>
|
||||||
</head>
|
</head>
|
||||||
<body>
|
<body>
|
||||||
<h1>docker.io/rockylinux/rockylinux:8 (rocky 8.7) - Trivy Report - 2023-02-01 13:06:16.593153451 +0000 UTC m=+1.398565192</h1>
|
<h1>docker.io/rockylinux/rockylinux:8 (rocky 8.7) - Trivy Report - 2023-02-02 13:06:21.485022451 +0000 UTC m=+1.104552283</h1>
|
||||||
<table>
|
<table>
|
||||||
<tr class="group-header"><th colspan="6">rocky</th></tr>
|
<tr class="group-header"><th colspan="6">rocky</th></tr>
|
||||||
<tr><th colspan="6">No Vulnerabilities found</th></tr>
|
<tr><th colspan="6">No Vulnerabilities found</th></tr>
|
||||||
<tr><th colspan="6">No Misconfigurations found</th></tr>
|
<tr><th colspan="6">No Misconfigurations found</th></tr>
|
||||||
<tr class="group-header"><th colspan="6">python-pkg</th></tr>
|
|
||||||
<tr class="sub-header">
|
|
||||||
<th>Package</th>
|
|
||||||
<th>Vulnerability ID</th>
|
|
||||||
<th>Severity</th>
|
|
||||||
<th>Installed Version</th>
|
|
||||||
<th>Fixed Version</th>
|
|
||||||
<th>Links</th>
|
|
||||||
</tr>
|
|
||||||
<tr class="severity-HIGH">
|
|
||||||
<td class="pkg-name">setuptools</td>
|
|
||||||
<td>CVE-2022-40897</td>
|
|
||||||
<td class="severity">HIGH</td>
|
|
||||||
<td class="pkg-version">39.2.0</td>
|
|
||||||
<td>65.5.1</td>
|
|
||||||
<td class="links" data-more-links="off">
|
|
||||||
<a href="https://access.redhat.com/security/cve/CVE-2022-40897">https://access.redhat.com/security/cve/CVE-2022-40897</a>
|
|
||||||
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40897">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40897</a>
|
|
||||||
<a href="https://github.com/advisories/GHSA-r9hx-vwmv-q579">https://github.com/advisories/GHSA-r9hx-vwmv-q579</a>
|
|
||||||
<a href="https://github.com/pypa/setuptools/blob/fe8a98e696241487ba6ac9f91faa38ade939ec5d/setuptools/package_index.py#L200">https://github.com/pypa/setuptools/blob/fe8a98e696241487ba6ac9f91faa38ade939ec5d/setuptools/package_index.py#L200</a>
|
|
||||||
<a href="https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be">https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be</a>
|
|
||||||
<a href="https://github.com/pypa/setuptools/compare/v65.5.0...v65.5.1">https://github.com/pypa/setuptools/compare/v65.5.0...v65.5.1</a>
|
|
||||||
<a href="https://github.com/pypa/setuptools/issues/3659">https://github.com/pypa/setuptools/issues/3659</a>
|
|
||||||
<a href="https://nvd.nist.gov/vuln/detail/CVE-2022-40897">https://nvd.nist.gov/vuln/detail/CVE-2022-40897</a>
|
|
||||||
<a href="https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages/">https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages/</a>
|
|
||||||
<a href="https://pyup.io/vulnerabilities/CVE-2022-40897/52495/">https://pyup.io/vulnerabilities/CVE-2022-40897/52495/</a>
|
|
||||||
<a href="https://setuptools.pypa.io/en/latest/">https://setuptools.pypa.io/en/latest/</a>
|
|
||||||
<a href="https://ubuntu.com/security/notices/USN-5817-1">https://ubuntu.com/security/notices/USN-5817-1</a>
|
|
||||||
</td>
|
|
||||||
</tr>
|
|
||||||
<tr><th colspan="6">No Misconfigurations found</th></tr>
|
|
||||||
</table>
|
</table>
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
||||||
|
@ -8,67 +8,11 @@
|
|||||||
"fullName": "Trivy Vulnerability Scanner",
|
"fullName": "Trivy Vulnerability Scanner",
|
||||||
"informationUri": "https://github.com/aquasecurity/trivy",
|
"informationUri": "https://github.com/aquasecurity/trivy",
|
||||||
"name": "Trivy",
|
"name": "Trivy",
|
||||||
"rules": [
|
"rules": [],
|
||||||
{
|
"version": "0.37.1"
|
||||||
"id": "CVE-2022-40897",
|
|
||||||
"name": "LanguageSpecificPackageVulnerability",
|
|
||||||
"shortDescription": {
|
|
||||||
"text": "pypa-setuptools: Regular Expression Denial of Service (ReDoS) in package_index.py"
|
|
||||||
},
|
|
||||||
"fullDescription": {
|
|
||||||
"text": "Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py."
|
|
||||||
},
|
|
||||||
"defaultConfiguration": {
|
|
||||||
"level": "error"
|
|
||||||
},
|
|
||||||
"helpUri": "https://avd.aquasec.com/nvd/cve-2022-40897",
|
|
||||||
"help": {
|
|
||||||
"text": "Vulnerability CVE-2022-40897\nSeverity: HIGH\nPackage: setuptools\nFixed Version: 65.5.1\nLink: [CVE-2022-40897](https://avd.aquasec.com/nvd/cve-2022-40897)\nPython Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py.",
|
|
||||||
"markdown": "**Vulnerability CVE-2022-40897**\n| Severity | Package | Fixed Version | Link |\n| --- | --- | --- | --- |\n|HIGH|setuptools|65.5.1|[CVE-2022-40897](https://avd.aquasec.com/nvd/cve-2022-40897)|\n\nPython Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py."
|
|
||||||
},
|
|
||||||
"properties": {
|
|
||||||
"precision": "very-high",
|
|
||||||
"security-severity": "7.5",
|
|
||||||
"tags": [
|
|
||||||
"vulnerability",
|
|
||||||
"security",
|
|
||||||
"HIGH"
|
|
||||||
]
|
|
||||||
}
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"version": "0.34.0"
|
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"results": [
|
"results": [],
|
||||||
{
|
|
||||||
"ruleId": "CVE-2022-40897",
|
|
||||||
"ruleIndex": 0,
|
|
||||||
"level": "error",
|
|
||||||
"message": {
|
|
||||||
"text": "Package: setuptools\nInstalled Version: 39.2.0\nVulnerability CVE-2022-40897\nSeverity: HIGH\nFixed Version: 65.5.1\nLink: [CVE-2022-40897](https://avd.aquasec.com/nvd/cve-2022-40897)"
|
|
||||||
},
|
|
||||||
"locations": [
|
|
||||||
{
|
|
||||||
"physicalLocation": {
|
|
||||||
"artifactLocation": {
|
|
||||||
"uri": "usr/lib/python3.6/site-packages/setuptools-39.2.0.dist-info/METADATA",
|
|
||||||
"uriBaseId": "ROOTPATH"
|
|
||||||
},
|
|
||||||
"region": {
|
|
||||||
"startLine": 1,
|
|
||||||
"startColumn": 1,
|
|
||||||
"endLine": 1,
|
|
||||||
"endColumn": 1
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"message": {
|
|
||||||
"text": "usr/lib/python3.6/site-packages/setuptools-39.2.0.dist-info/METADATA: setuptools@39.2.0"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"columnKind": "utf16CodeUnits",
|
"columnKind": "utf16CodeUnits",
|
||||||
"originalUriBaseIds": {
|
"originalUriBaseIds": {
|
||||||
"ROOTPATH": {
|
"ROOTPATH": {
|
||||||
|