Created July 26, 2022 10:11
$ trivy image --ignore-unfixed --severity HIGH,CRITICAL --vuln-type library ruby:2.7.5
2022-07-26T19:10:10.109+0900 INFO Vulnerability scanning is enabled
2022-07-26T19:10:10.109+0900 INFO Secret scanning is enabled
2022-07-26T19:10:10.109+0900 INFO If your scanning is slow, please try '--security-checks vuln' to disable secret scanning
2022-07-26T19:10:10.109+0900 INFO Please see also https://aquasecurity.github.io/trivy/0.30.3/docs/secret/scanning/#recommendation for faster secret detection
2022-07-26T19:10:10.127+0900 INFO Number of language-specific files: 1
2022-07-26T19:10:10.127+0900 INFO Detecting gemspec vulnerabilities...
2022-07-26T19:10:10.130+0900 INFO Table result includes only package filenames. Use '--format json' option to get the full path to the package file.
Ruby (gemspec)
Total: 5 (HIGH: 5, CRITICAL: 0)
┌─────────────────────────────────┬────────────────┬──────────┬───────────────────┬──────────────────────────────┬────────────────────────────────────────────────────────────┐
│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │
├─────────────────────────────────┼────────────────┼──────────┼───────────────────┼──────────────────────────────┼────────────────────────────────────────────────────────────┤
│ bundler (bundler-2.1.4.gemspec) │ CVE-2020-36327 │ HIGH │ 2.1.4 │ >= 2.2.18, 2.2.10 │ rubygem-bundler: Dependencies of gems with explicit source │
│ │ │ │ │ │ may be installed from a... │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2020-36327 │
├─────────────────────────────────┼────────────────┼──────────┼───────────────────┼──────────────────────────────┼────────────────────────────────────────────────────────────┤
│ cgi (cgi-0.1.0.1.gemspec) │ CVE-2021-41816 │ HIGH │ 0.1.0.1 │ ~> 0.1.1, ~> 0.2.1, >= 0.3.1 │ ruby: buffer overflow in CGI.escape_html │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-41816 │
│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤
│ │ CVE-2021-41819 │ │ │ │ ruby: Cookie prefix spoofing in CGI::Cookie.parse │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-41819 │
├─────────────────────────────────┼────────────────┤ ├───────────────────┼──────────────────────────────┼────────────────────────────────────────────────────────────┤
│ rdoc (rdoc-6.2.1.1.gemspec) │ CVE-2021-31799 │ │ 6.2.1.1 │ >= 6.3.1 │ rubygem-rdoc: Command injection vulnerability in RDoc │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-31799 │
├─────────────────────────────────┼────────────────┤ ├───────────────────┼──────────────────────────────┼────────────────────────────────────────────────────────────┤
│ rexml (rexml-3.2.3.1.gemspec) │ CVE-2021-28965 │ │ 3.2.3.1 │ >= 3.2.5 │ ruby: XML round-trip vulnerability in REXML │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-28965 │
└─────────────────────────────────┴────────────────┴──────────┴───────────────────┴──────────────────────────────┴────────────────────────────────────────────────────────────┘