mirror of
https://github.com/aquasecurity/trivy.git
synced 2025-12-12 15:50:15 -08:00
1f0d6290c3
Signed-off-by: juan131 <jariza@vmware.com> Signed-off-by: knqyf263 <knqyf263@gmail.com> Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io> Co-authored-by: DmitriyLewen <91113035+DmitriyLewen@users.noreply.github.com> Co-authored-by: Nikita Pivkin <nikita.pivkin@smartforce.io> Co-authored-by: knqyf263 <knqyf263@gmail.com>
151 lines
5.6 KiB
Plaintext
151 lines
5.6 KiB
Plaintext
{
|
|
"SchemaVersion": 2,
|
|
"CreatedAt": "2021-08-25T12:20:30.000000005Z",
|
|
"ArtifactName": "testdata/fixtures/images/busybox-with-lockfile.tar.gz",
|
|
"ArtifactType": "container_image",
|
|
"Metadata": {
|
|
"ImageID": "sha256:88702f6b6133bf06cc46af48437d0c0fc661239155548757c65916504a0e5eee",
|
|
"DiffIDs": [
|
|
"sha256:797ac4999b67d8c38a596919efa5b7b6a4a8fd5814cb8564efa482c5d8403e6d",
|
|
"sha256:ea6f6933da66090da8bfe233d68f083792a68f944cd2d8f9fbb52da795813a4f"
|
|
],
|
|
"ImageConfig": {
|
|
"architecture": "amd64",
|
|
"created": "2022-06-07T04:24:40.230164Z",
|
|
"docker_version": "20.10.14",
|
|
"history": [
|
|
{
|
|
"created": "2022-03-11T20:19:46.778911455Z",
|
|
"created_by": "/bin/sh -c #(nop) ADD file:39f6523fbc03f554a59461a34850d68c31cd5822e5a6fddf2d0ea198ed9a11c4 in / "
|
|
},
|
|
{
|
|
"created": "2022-03-11T20:19:46.866228701Z",
|
|
"created_by": "/bin/sh -c #(nop) CMD [\"sh\"]",
|
|
"empty_layer": true
|
|
},
|
|
{
|
|
"created": "2022-06-07T04:24:40.230164Z",
|
|
"created_by": "/bin/sh -c #(nop) COPY file:343df0159abcc51b06b4e56bfd4c06d2003b88947ed93b0cec6214ae5985669e in . "
|
|
}
|
|
],
|
|
"os": "linux",
|
|
"rootfs": {
|
|
"type": "layers",
|
|
"diff_ids": [
|
|
"sha256:797ac4999b67d8c38a596919efa5b7b6a4a8fd5814cb8564efa482c5d8403e6d",
|
|
"sha256:ea6f6933da66090da8bfe233d68f083792a68f944cd2d8f9fbb52da795813a4f"
|
|
]
|
|
},
|
|
"config": {
|
|
"Cmd": [
|
|
"sh"
|
|
],
|
|
"Env": [
|
|
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
|
],
|
|
"Image": "sha256:2fb6fc2d97e10c79983aa10e013824cc7fc8bae50630e32159821197dda95fe3"
|
|
}
|
|
}
|
|
},
|
|
"Results": [
|
|
{
|
|
"Target": "Cargo.lock",
|
|
"Class": "lang-pkgs",
|
|
"Type": "cargo",
|
|
"Vulnerabilities": [
|
|
{
|
|
"VulnerabilityID": "CVE-2019-15542",
|
|
"PkgID": "ammonia@1.9.0",
|
|
"PkgName": "ammonia",
|
|
"PkgIdentifier": {
|
|
"PURL": "pkg:cargo/ammonia@1.9.0"
|
|
},
|
|
"InstalledVersion": "1.9.0",
|
|
"FixedVersion": "\u003e= 2.1.0",
|
|
"Status": "fixed",
|
|
"Layer": {
|
|
"Digest": "sha256:fd2e3bc9bccc9c677572a542d020998389de94f127ca2c252ae627fc7c241cee",
|
|
"DiffID": "sha256:ea6f6933da66090da8bfe233d68f083792a68f944cd2d8f9fbb52da795813a4f"
|
|
},
|
|
"SeveritySource": "nvd",
|
|
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-15542",
|
|
"DataSource": {
|
|
"Name": "RustSec Advisory Database",
|
|
"URL": "https://github.com/RustSec/advisory-db"
|
|
},
|
|
"Title": "Uncontrolled recursion leads to abort in HTML serialization",
|
|
"Description": "An issue was discovered in the ammonia crate before 2.1.0 for Rust. There is uncontrolled recursion during HTML DOM tree serialization.",
|
|
"Severity": "HIGH",
|
|
"CweIDs": [
|
|
"CWE-674"
|
|
],
|
|
"VendorSeverity": {
|
|
"nvd": 3
|
|
},
|
|
"CVSS": {
|
|
"nvd": {
|
|
"V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
|
|
"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"V2Score": 5,
|
|
"V3Score": 7.5
|
|
}
|
|
},
|
|
"References": [
|
|
"https://crates.io/crates/ammonia",
|
|
"https://github.com/rust-ammonia/ammonia/blob/master/CHANGELOG.md#210",
|
|
"https://rustsec.org/advisories/RUSTSEC-2019-0001.html"
|
|
],
|
|
"PublishedDate": "2019-08-26T18:15:00Z",
|
|
"LastModifiedDate": "2020-08-24T17:37:00Z"
|
|
},
|
|
{
|
|
"VulnerabilityID": "CVE-2021-38193",
|
|
"PkgID": "ammonia@1.9.0",
|
|
"PkgName": "ammonia",
|
|
"PkgIdentifier": {
|
|
"PURL": "pkg:cargo/ammonia@1.9.0"
|
|
},
|
|
"InstalledVersion": "1.9.0",
|
|
"FixedVersion": "\u003e= 3.1.0, \u003e= 2.1.3, \u003c 3.0.0",
|
|
"Status": "fixed",
|
|
"Layer": {
|
|
"Digest": "sha256:fd2e3bc9bccc9c677572a542d020998389de94f127ca2c252ae627fc7c241cee",
|
|
"DiffID": "sha256:ea6f6933da66090da8bfe233d68f083792a68f944cd2d8f9fbb52da795813a4f"
|
|
},
|
|
"SeveritySource": "nvd",
|
|
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-38193",
|
|
"DataSource": {
|
|
"Name": "RustSec Advisory Database",
|
|
"URL": "https://github.com/RustSec/advisory-db"
|
|
},
|
|
"Title": "Incorrect handling of embedded SVG and MathML leads to mutation XSS",
|
|
"Description": "An issue was discovered in the ammonia crate before 3.1.0 for Rust. XSS can occur because the parsing differences for HTML, SVG, and MathML are mishandled, a similar issue to CVE-2020-26870.",
|
|
"Severity": "MEDIUM",
|
|
"CweIDs": [
|
|
"CWE-79"
|
|
],
|
|
"VendorSeverity": {
|
|
"nvd": 2
|
|
},
|
|
"CVSS": {
|
|
"nvd": {
|
|
"V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
|
|
"V2Score": 4.3,
|
|
"V3Score": 6.1
|
|
}
|
|
},
|
|
"References": [
|
|
"https://crates.io/crates/ammonia",
|
|
"https://github.com/rust-ammonia/ammonia/pull/142",
|
|
"https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/ammonia/RUSTSEC-2021-0074.md",
|
|
"https://rustsec.org/advisories/RUSTSEC-2021-0074.html"
|
|
],
|
|
"PublishedDate": "2021-08-08T06:15:00Z",
|
|
"LastModifiedDate": "2021-08-16T16:37:00Z"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|