gitea-mirror/trivy
1
0
Fork 0
mirror of https://github.com/aquasecurity/trivy.git synced 2025-12-12 15:50:15 -08:00
Code Issues Packages Projects Releases Wiki Activity
Files
1f0d6290c33c95d5f213cc409a0ff6a53a2c888e
trivy/integration/testdata/mariner-1.0.json.golden
Juan Ariza Toledano 1f0d6290c3 feat(vuln): include pkg identifier on detected vulnerabilities (#5439) 
Signed-off-by: juan131 <jariza@vmware.com>
Signed-off-by: knqyf263 <knqyf263@gmail.com>
Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>
Co-authored-by: DmitriyLewen <91113035+DmitriyLewen@users.noreply.github.com>
Co-authored-by: Nikita Pivkin <nikita.pivkin@smartforce.io>
Co-authored-by: knqyf263 <knqyf263@gmail.com>
2023-12-27 07:54:56 +00:00

136 lines
5.0 KiB
Plaintext
Raw Blame History

{
"SchemaVersion": 2,
"CreatedAt": "2021-08-25T12:20:30.000000005Z",
"ArtifactName": "testdata/fixtures/images/mariner-1.0.tar.gz",
"ArtifactType": "container_image",
"Metadata": {
"OS": {
"Family": "cbl-mariner",
"Name": "1.0.20220122"
},
"ImageID": "sha256:8cdcbf18341ed8afa5322e7b0077f8ef3f46896882c921df5f97c51b369f6767",
"DiffIDs": [
"sha256:4266328c97a194b2ca52ec83bc05496596303f5e9b244ffa99cf84763a487804"
],
"ImageConfig": {
"architecture": "amd64",
"created": "2022-01-27T01:19:38.526301656Z",
"docker_version": "20.10.12",
"history": [
{
"created": "2022-01-27T01:19:38.526301656Z",
"comment": "Imported from -"
}
],
"os": "linux",
"rootfs": {
"type": "layers",
"diff_ids": [
"sha256:4266328c97a194b2ca52ec83bc05496596303f5e9b244ffa99cf84763a487804"
]
},
"config": {}
}
},
"Results": [
{
"Target": "testdata/fixtures/images/mariner-1.0.tar.gz (cbl-mariner 1.0.20220122)",
"Class": "os-pkgs",
"Type": "cbl-mariner",
"Vulnerabilities": [
{
"VulnerabilityID": "CVE-2022-0261",
"PkgName": "vim",
"PkgIdentifier": {
"PURL": "pkg:cbl-mariner/vim@8.2.4081-1.cm1?arch=x86_64"
},
"InstalledVersion": "8.2.4081-1.cm1",
"Status": "affected",
"Layer": {
"Digest": "sha256:3df36548ffbf2fa7319966e038058a3d2a922880009e535202546a6b250b9d57",
"DiffID": "sha256:4266328c97a194b2ca52ec83bc05496596303f5e9b244ffa99cf84763a487804"
},
"SeveritySource": "cbl-mariner",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-0261",
"DataSource": {
"ID": "cbl-mariner",
"Name": "CBL-Mariner Vulnerability Data",
"URL": "https://github.com/microsoft/CBL-MarinerVulnerabilityData"
},
"Title": "CVE-2022-0261 affecting package vim 8.2.4081",
"Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.",
"Severity": "HIGH",
"CweIDs": [
"CWE-122"
],
"VendorSeverity": {
"cbl-mariner": 3
},
"References": [
"https://github.com/vim/vim/commit/9f8c304c8a390ade133bac29963dc8e56ab14cbc",
"https://huntr.dev/bounties/fa795954-8775-4f23-98c6-d4d4d3fe8a82",
"https://nvd.nist.gov/vuln/detail/CVE-2022-0261"
],
"PublishedDate": "2022-01-18T16:15:00Z",
"LastModifiedDate": "2022-01-18T16:15:00Z"
},
{
"VulnerabilityID": "CVE-2022-0158",
"PkgName": "vim",
"PkgIdentifier": {
"PURL": "pkg:cbl-mariner/vim@8.2.4081-1.cm1?arch=x86_64"
},
"InstalledVersion": "8.2.4081-1.cm1",
"FixedVersion": "8.2.4082-1.cm1",
"Status": "fixed",
"Layer": {
"Digest": "sha256:3df36548ffbf2fa7319966e038058a3d2a922880009e535202546a6b250b9d57",
"DiffID": "sha256:4266328c97a194b2ca52ec83bc05496596303f5e9b244ffa99cf84763a487804"
},
"SeveritySource": "cbl-mariner",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-0158",
"DataSource": {
"ID": "cbl-mariner",
"Name": "CBL-Mariner Vulnerability Data",
"URL": "https://github.com/microsoft/CBL-MarinerVulnerabilityData"
},
"Title": "vim: heap-based read buffer overflow in compile_get_env()",
"Description": "vim is vulnerable to Heap-based Buffer Overflow",
"Severity": "LOW",
"CweIDs": [
"CWE-122"
],
"VendorSeverity": {
"cbl-mariner": 1,
"nvd": 1,
"redhat": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"V2Score": 4.3,
"V3Score": 3.3
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"V3Score": 3.3
}
},
"References": [
"http://www.openwall.com/lists/oss-security/2022/01/15/1",
"https://access.redhat.com/security/cve/CVE-2022-0158",
"https://github.com/vim/vim/commit/5f25c3855071bd7e26255c68bf458b1b5cf92f39",
"https://huntr.dev/bounties/ac5d7005-07c6-4a0a-b251-ba9cdbf6738b",
"https://huntr.dev/bounties/ac5d7005-07c6-4a0a-b251-ba9cdbf6738b/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HD5S2FC2HF22A7XQXK2XXIR46EARVWIM/",
"https://nvd.nist.gov/vuln/detail/CVE-2022-0158"
],
"PublishedDate": "2022-01-10T16:15:00Z",
"LastModifiedDate": "2022-01-15T16:15:00Z"
}
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink