We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
The current container (openzipkin/zipkin:3.4.2) is reported to contain multiple vulnerable components.
openzipkin/zipkin:3.4.2 (alpine 3.20.2) Total: 10 (UNKNOWN: 0, LOW: 2, MEDIUM: 8, HIGH: 0, CRITICAL: 0) ┌───────────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────────────┐ │ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │ ├───────────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────────────┤ │ busybox │ CVE-2023-42364 │ MEDIUM │ fixed │ 1.36.1-r29 │ 1.36.1-r30 │ busybox: use-after-free │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-42364 │ │ ├────────────────┤ │ │ │ ├───────────────────────────────────────────────────────────┤ │ │ CVE-2023-42365 │ │ │ │ │ busybox: use-after-free │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-42365 │ ├───────────────┼────────────────┤ │ │ │ ├───────────────────────────────────────────────────────────┤ │ busybox-binsh │ CVE-2023-42364 │ │ │ │ │ busybox: use-after-free │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-42364 │ │ ├────────────────┤ │ │ │ ├───────────────────────────────────────────────────────────┤ │ │ CVE-2023-42365 │ │ │ │ │ busybox: use-after-free │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-42365 │ ├───────────────┼────────────────┤ │ ├───────────────────┼───────────────┼───────────────────────────────────────────────────────────┤ │ libcrypto3 │ CVE-2024-6119 │ │ │ 3.3.1-r3 │ 3.3.2-r0 │ openssl: Possible denial of service in X.509 name checks │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-6119 │ │ ├────────────────┼──────────┤ │ ├───────────────┼───────────────────────────────────────────────────────────┤ │ │ CVE-2024-9143 │ LOW │ │ │ 3.3.2-r3 │ openssl: Low-level invalid GF(2^m) parameters lead to OOB │ │ │ │ │ │ │ │ memory access │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-9143 │ ├───────────────┼────────────────┼──────────┤ │ ├───────────────┼───────────────────────────────────────────────────────────┤ │ libssl3 │ CVE-2024-6119 │ MEDIUM │ │ │ 3.3.2-r0 │ openssl: Possible denial of service in X.509 name checks │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-6119 │ │ ├────────────────┼──────────┤ │ ├───────────────┼───────────────────────────────────────────────────────────┤ │ │ CVE-2024-9143 │ LOW │ │ │ 3.3.2-r3 │ openssl: Low-level invalid GF(2^m) parameters lead to OOB │ │ │ │ │ │ │ │ memory access │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-9143 │ ├───────────────┼────────────────┼──────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────────────┤ │ ssl_client │ CVE-2023-42364 │ MEDIUM │ │ 1.36.1-r29 │ 1.36.1-r30 │ busybox: use-after-free │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-42364 │ │ ├────────────────┤ │ │ │ ├───────────────────────────────────────────────────────────┤ │ │ CVE-2023-42365 │ │ │ │ │ busybox: use-after-free │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-42365 │ └───────────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────────────┘
Java (jar) Total: 2 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 1, CRITICAL: 0) ┌────────────────────────────────────────────────────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬─────────────────────────────────────────────────────────────┐ │ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │ ├────────────────────────────────────────────────────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤ │ io.netty:netty-common (netty-common-4.1.114.Final.jar) │ CVE-2024-47535 │ HIGH │ fixed │ 4.1.114.Final │ 4.1.115 │ netty: Denial of Service attack on windows app using Netty │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-47535 │ ├────────────────────────────────────────────────────────┼────────────────┼──────────┤ ├───────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤ │ org.springframework:spring-context │ CVE-2024-38820 │ MEDIUM │ │ 6.1.13 │ 6.1.14 │ The fix for CVE-2022-22968 made disallowedFieldspatterns in │ │ (spring-context-6.1.13.jar) │ │ │ │ │ │ DataBinder ... │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-38820 │ └────────────────────────────────────────────────────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴─────────────────────────────────────────────────────────────┘
trivy image --ignore-unfixed openzipkin/zipkin:3.4.2
Ideally no known vulnerabilities.
The text was updated successfully, but these errors were encountered:
No branches or pull requests
Describe the Bug
The current container (openzipkin/zipkin:3.4.2) is reported to contain multiple vulnerable components.
Steps to Reproduce
trivy image --ignore-unfixed openzipkin/zipkin:3.4.2
Expected Behaviour
Ideally no known vulnerabilities.
The text was updated successfully, but these errors were encountered: