
DEVOPS-2804 Update docker scout creds #109

Open · wants to merge 1 commit into base: stable/4.10

Conversation

nedvna (Contributor)

@nedvna nedvna commented Jul 16, 2024

No description provided.


github-actions bot commented Jul 16, 2024

Overview (values shown as wallarm/node:latest → node-x86_64.tar)

Image reference: wallarm/node:latest → node-x86_64.tar
- digest: 69e78a93cfb4 → 7186f2b523c8
- tag: latest
- provenance: 2010096 → git-673b4fc
- vulnerabilities: critical: 0 high: 1 medium: 1 low: 0 → critical: 0 high: 1 medium: 1 low: 0
- platform: linux/amd64 → linux/amd64
- size: 246 MB → 274 MB (+29 MB)
- packages: 331 → 331
Base image: alpine:3 → alpine:3 (also known as 3.20, 3.20.1, latest in both)
- vulnerabilities: critical: 1 high: 0 medium: 0 low: 0 → critical: 1 high: 0 medium: 0 low: 0
Labels (2 changes)
  • ± 2 changed
  • 8 unchanged
 com.wallarm.nginx-docker.versions.aio=4.10.8
 com.wallarm.nginx-docker.versions.alpine=3.20
 com.wallarm.nginx-docker.versions.gomplate=3.11.7
 com.wallarm.nginx-docker.versions.nginx=1.26.1
 org.opencontainers.image.documentation=https://docs.wallarm.com/installation/inline/compute-instances/docker/nginx-based
-org.opencontainers.image.revision=git-2010096
+org.opencontainers.image.revision=git-673b4fc
 org.opencontainers.image.source=https://github.com/wallarm/docker-wallarm-node
 org.opencontainers.image.title=Docker official image for Wallarm Node. API security platform agent
 org.opencontainers.image.vendor=Wallarm
-org.opencontainers.image.version=4.10.8-1
+org.opencontainers.image.version=test
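Review bot: the compared image's `org.opencontainers.image.version` label changes from `4.10.8-1` to `test`, which reads as a placeholder from a test build rather than a release value; confirm the image built from this branch carries the real version label before merging. The `org.opencontainers.image.revision` change from `git-2010096` to `git-673b4fc` is the expected commit bump.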


🔍 Vulnerabilities of node-x86_64.tar

📦 Image Reference node-x86_64.tar
- digest: sha256:7186f2b523c82bc2b793e401976bfd22fce586dd1a7565caf35385a99b6e41b0
- vulnerabilities: critical: 0 high: 1 medium: 0 low: 0
- size: 274 MB
- packages: 331
📦 Base Image alpine:3
- also known as: 3.20, 3.20.1, latest
- digest: sha256:dabf91b69c191a1a0a1628fd6bdd029c0c4018041c7f052870bb13c5a222ae76
- vulnerabilities: critical: 1 high: 0 medium: 0 low: 0

setuptools 68.0.0 (pypi): critical: 0 high: 1 medium: 0 low: 0

pkg:pypi/setuptools@68.0.0

high 8.8: CVE-2024-6345 Improper Control of Generation of Code ('Code Injection')

- Affected range: <70.0.0
- Fixed version: 70.0.0
- CVSS Score: 8.8
- CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- EPSS Score: 0.04%
- EPSS Percentile: 9th percentile
Description

A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.
