Skip to content

Instantly share code, notes, and snippets.

@cdupuis

cdupuis/gist:04874ce37eff4105dbcd1b7d2b9e2166

Last active May 8, 2024 12:19
Show Gist options
  • Save cdupuis/04874ce37eff4105dbcd1b7d2b9e2166 to your computer and use it in GitHub Desktop.
Save cdupuis/04874ce37eff4105dbcd1b7d2b9e2166 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
gistfile1.txt
{
"version": "15.0.6",
"vulnerabilities": [
{
"id": "b8b00cd988d5f008916a3ca2bd8c42cbf50fe654f281b3d3bbaddf424015a58e",
"category": "container_scanning",
"message": "CVE-2024-24788 on [email protected]",
"description": "A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop.",
"cve": "CVE-2024-24788",
"severity": "Unknown",
"confidence": "Unknown",
"solution": "Upgrade [email protected] to 1.22.3",
"scanner": {
"id": "docker-scout",
"name": "Docker Scout"
},
"location": {
"dependency": {
"package": {
"name": "pkg:golang/[email protected]"
},
"version": "1.22.2"
},
"operating_system": "unknown",
"image": "docker/scout-cli:1a74938"
},
"identifiers": [
{
"type": "cve",
"name": "CVE-2024-24788",
"value": "CVE-2024-24788",
"url": "https://scout.docker.com/v/CVE-2024-24788?s=golang&n=stdlib&t=golang&vr=%3E%3D1.22.0-0%2C%3C1.22.3"
}
],
"links": [
{
"url": "https://scout.docker.com/v/CVE-2024-24788?s=golang&n=stdlib&t=golang&vr=%3E%3D1.22.0-0%2C%3C1.22.3"
}
]
},
{
"id": "7ac1ae3e138144e92b48a74430192d42bedd75dbc66fb1c7215a4cb60444c1ce",
"category": "container_scanning",
"message": "CVE-2020-8912 on github.com/aws/[email protected]",
"description": "The Go AWS S3 Crypto SDK contains vulnerabilities that can permit an attacker with write access to a bucket to decrypt files in that bucket.\n\nFiles encrypted by the V1 EncryptionClient using either the AES-CBC content cipher or the KMS key wrap algorithm are vulnerable. Users should migrate to the V1 EncryptionClientV2 API, which will not create vulnerable files. Old files will remain vulnerable until re-encrypted with the new client.\n\n**VEX**\n\nhttps://scout.docker.com/public/vex-494c043465bc1cd50985521d9e606d19d8de4bbae76519c12b0b3750b6cbcb97\nnot affected [vulnerable code not in execute path]\nManually verified by govulncheck\[email protected]",
"cve": "CVE-2020-8912",
"severity": "Low",
"confidence": "Unknown",
"scanner": {
"id": "docker-scout",
"name": "Docker Scout"
},
"location": {
"dependency": {
"package": {
"name": "pkg:golang/github.com/aws/[email protected]"
},
"version": "1.44.288"
},
"operating_system": "unknown",
"image": "docker/scout-cli:1a74938"
},
"identifiers": [
{
"type": "cve",
"name": "CVE-2020-8912",
"value": "CVE-2020-8912",
"url": "https://scout.docker.com/v/CVE-2020-8912?s=golang&n=aws-sdk-go&ns=github.com%2Faws&t=golang&vr=%3E%3D0"
}
],
"links": [
{
"url": "https://scout.docker.com/v/CVE-2020-8912?s=golang&n=aws-sdk-go&ns=github.com%2Faws&t=golang&vr=%3E%3D0"
}
],
"flags": [
{
"type": "flagged-as-likely-false-positive",
"origin": "Docker Scout",
"description": "https://scout.docker.com/public/vex-494c043465bc1cd50985521d9e606d19d8de4bbae76519c12b0b3750b6cbcb97\nnot affected [vulnerable code not in execute path]\nManually verified by govulncheck\[email protected]"
}
]
},
{
"id": "4dd7109d31e3d5476c4f2baf2dcfb12b373740db4eed99b75d3cea382e225ab9",
"category": "container_scanning",
"message": "CVE-2020-8911 on github.com/aws/[email protected]",
"description": "The Go AWS S3 Crypto SDK contains vulnerabilities that can permit an attacker with write access to a bucket to decrypt files in that bucket.\n\nFiles encrypted by the V1 EncryptionClient using either the AES-CBC content cipher or the KMS key wrap algorithm are vulnerable. Users should migrate to the V1 EncryptionClientV2 API, which will not create vulnerable files. Old files will remain vulnerable until re-encrypted with the new client.\n\n**VEX**\n\nhttps://scout.docker.com/public/vex-494c043465bc1cd50985521d9e606d19d8de4bbae76519c12b0b3750b6cbcb97\nnot affected [vulnerable code not in execute path]\nManually verified by govulncheck\[email protected]",
"cve": "CVE-2020-8911",
"severity": "Medium",
"confidence": "Unknown",
"scanner": {
"id": "docker-scout",
"name": "Docker Scout"
},
"location": {
"dependency": {
"package": {
"name": "pkg:golang/github.com/aws/[email protected]"
},
"version": "1.44.288"
},
"operating_system": "unknown",
"image": "docker/scout-cli:1a74938"
},
"identifiers": [
{
"type": "cve",
"name": "CVE-2020-8911",
"value": "CVE-2020-8911",
"url": "https://scout.docker.com/v/CVE-2020-8911?s=golang&n=aws-sdk-go&ns=github.com%2Faws&t=golang&vr=%3E%3D0"
}
],
"links": [
{
"url": "https://scout.docker.com/v/CVE-2020-8911?s=golang&n=aws-sdk-go&ns=github.com%2Faws&t=golang&vr=%3E%3D0"
}
],
"flags": [
{
"type": "flagged-as-likely-false-positive",
"origin": "Docker Scout",
"description": "https://scout.docker.com/public/vex-494c043465bc1cd50985521d9e606d19d8de4bbae76519c12b0b3750b6cbcb97\nnot affected [vulnerable code not in execute path]\nManually verified by govulncheck\[email protected]"
}
]
},
{
"id": "4fc6ce5875b45996057f9cb0688ee97363a4c1f01ad27d8091f92d510545a1b5",
"category": "container_scanning",
"message": "CVE-2024-0406 on github.com/mholt/[email protected]",
"description": "A flaw was discovered in the mholt/archiver package. This flaw allows an attacker to create a specially crafted tar file, which, when unpacked, may allow access to restricted files or directories. This issue can allow the creation or overwriting of files with the user's or application's privileges using the library.\n\n**VEX**\n\nhttps://scout.docker.com/public/vex-494c043465bc1cd50985521d9e606d19d8de4bbae76519c12b0b3750b6cbcb97\nnot affected [vulnerable code not in execute path]\nManually verified by govulncheck\[email protected]",
"cve": "CVE-2024-0406",
"severity": "Medium",
"confidence": "Unknown",
"scanner": {
"id": "docker-scout",
"name": "Docker Scout"
},
"location": {
"dependency": {
"package": {
"name": "pkg:golang/github.com/mholt/[email protected]#v3"
},
"version": "3.5.1"
},
"operating_system": "unknown",
"image": "docker/scout-cli:1a74938"
},
"identifiers": [
{
"type": "cve",
"name": "CVE-2024-0406",
"value": "CVE-2024-0406",
"url": "https://scout.docker.com/v/CVE-2024-0406?s=github&n=v3&ns=github.com%2Fmholt%2Farchiver&t=golang&vr=%3E%3D3.0.0%2C%3C%3D3.5.1"
}
],
"links": [
{
"url": "https://scout.docker.com/v/CVE-2024-0406?s=github&n=v3&ns=github.com%2Fmholt%2Farchiver&t=golang&vr=%3E%3D3.0.0%2C%3C%3D3.5.1"
}
],
"flags": [
{
"type": "flagged-as-likely-false-positive",
"origin": "Docker Scout",
"description": "https://scout.docker.com/public/vex-494c043465bc1cd50985521d9e606d19d8de4bbae76519c12b0b3750b6cbcb97\nnot affected [vulnerable code not in execute path]\nManually verified by govulncheck\[email protected]"
}
]
}
],
"remediations": [],
"scan": {
"start_time": "2024-05-08T14:18:41",
"end_time": "2024-05-08T14:18:41",
"status": "success",
"type": "container_scanning",
"scanner": {
"id": "docker-scout",
"name": "Docker Scout",
"version": "1.8.0-11-g19ce70f",
"vendor": {
"name": "Docker"
}
},
"analyzer": {
"id": "docker-scout",
"name": "Docker Scout",
"version": "1.8.0-11-g19ce70f",
"vendor": {
"name": "Docker"
}
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment