gitea-mirror/trivy
1
0
Fork 0
mirror of https://github.com/aquasecurity/trivy.git synced 2025-12-12 15:50:15 -08:00
Code Issues Packages Projects Releases Wiki Activity
Files
1f0d6290c33c95d5f213cc409a0ff6a53a2c888e
trivy/integration/testdata/mix.lock.json.golden
Juan Ariza Toledano 1f0d6290c3 feat(vuln): include pkg identifier on detected vulnerabilities (#5439) 
Signed-off-by: juan131 <jariza@vmware.com>
Signed-off-by: knqyf263 <knqyf263@gmail.com>
Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>
Co-authored-by: DmitriyLewen <91113035+DmitriyLewen@users.noreply.github.com>
Co-authored-by: Nikita Pivkin <nikita.pivkin@smartforce.io>
Co-authored-by: knqyf263 <knqyf263@gmail.com>
2023-12-27 07:54:56 +00:00

219 lines
5.6 KiB
Plaintext
Raw Blame History

{
"SchemaVersion": 2,
"CreatedAt": "2021-08-25T12:20:30.000000005Z",
"ArtifactName": "testdata/fixtures/repo/mixlock",
"ArtifactType": "repository",
"Metadata": {
"ImageConfig": {
"architecture": "",
"created": "0001-01-01T00:00:00Z",
"os": "",
"rootfs": {
"type": "",
"diff_ids": null
},
"config": {}
}
},
"Results": [
{
"Target": "mix.lock",
"Class": "lang-pkgs",
"Type": "hex",
"Packages": [
{
"ID": "castore@0.1.18",
"Name": "castore",
"Identifier": {
"PURL": "pkg:hex/castore@0.1.18"
},
"Version": "0.1.18",
"Layer": {},
"Locations": [
{
"StartLine": 2,
"EndLine": 2
}
]
},
{
"ID": "jason@1.4.0",
"Name": "jason",
"Identifier": {
"PURL": "pkg:hex/jason@1.4.0"
},
"Version": "1.4.0",
"Layer": {},
"Locations": [
{
"StartLine": 3,
"EndLine": 3
}
]
},
{
"ID": "phoenix@1.6.13",
"Name": "phoenix",
"Identifier": {
"PURL": "pkg:hex/phoenix@1.6.13"
},
"Version": "1.6.13",
"Layer": {},
"Locations": [
{
"StartLine": 4,
"EndLine": 4
}
]
},
{
"ID": "phoenix_html@3.2.0",
"Name": "phoenix_html",
"Identifier": {
"PURL": "pkg:hex/phoenix_html@3.2.0"
},
"Version": "3.2.0",
"Layer": {},
"Locations": [
{
"StartLine": 5,
"EndLine": 5
}
]
},
{
"ID": "phoenix_pubsub@2.1.1",
"Name": "phoenix_pubsub",
"Identifier": {
"PURL": "pkg:hex/phoenix_pubsub@2.1.1"
},
"Version": "2.1.1",
"Layer": {},
"Locations": [
{
"StartLine": 6,
"EndLine": 6
}
]
},
{
"ID": "phoenix_template@1.0.0",
"Name": "phoenix_template",
"Identifier": {
"PURL": "pkg:hex/phoenix_template@1.0.0"
},
"Version": "1.0.0",
"Layer": {},
"Locations": [
{
"StartLine": 7,
"EndLine": 7
}
]
},
{
"ID": "phoenix_view@2.0.1",
"Name": "phoenix_view",
"Identifier": {
"PURL": "pkg:hex/phoenix_view@2.0.1"
},
"Version": "2.0.1",
"Layer": {},
"Locations": [
{
"StartLine": 8,
"EndLine": 8
}
]
},
{
"ID": "plug@1.14.0",
"Name": "plug",
"Identifier": {
"PURL": "pkg:hex/plug@1.14.0"
},
"Version": "1.14.0",
"Layer": {},
"Locations": [
{
"StartLine": 9,
"EndLine": 9
}
]
},
{
"ID": "plug_crypto@1.2.3",
"Name": "plug_crypto",
"Identifier": {
"PURL": "pkg:hex/plug_crypto@1.2.3"
},
"Version": "1.2.3",
"Layer": {},
"Locations": [
{
"StartLine": 10,
"EndLine": 10
}
]
},
{
"ID": "telemetry@1.1.0",
"Name": "telemetry",
"Identifier": {
"PURL": "pkg:hex/telemetry@1.1.0"
},
"Version": "1.1.0",
"Layer": {},
"Locations": [
{
"StartLine": 11,
"EndLine": 11
}
]
}
],
"Vulnerabilities": [
{
"VulnerabilityID": "CVE-2022-42975",
"PkgID": "phoenix@1.6.13",
"PkgName": "phoenix",
"PkgIdentifier": {
"PURL": "pkg:hex/phoenix@1.6.13"
},
"InstalledVersion": "1.6.13",
"FixedVersion": "1.6.14",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-42975",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory Erlang",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Aerlang"
},
"Title": "Phoenix before 1.6.14 mishandles check_origin wildcarding",
"Description": "socket/transport.ex in Phoenix before 1.6.14 mishandles check_origin wildcarding. NOTE: LiveView applications are unaffected by default because of the presence of a LiveView CSRF token.",
"Severity": "HIGH",
"VendorSeverity": {
"ghsa": 3
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"V3Score": 7.5
}
},
"References": [
"https://nvd.nist.gov/vuln/detail/CVE-2022-42975",
"https://github.com/phoenixframework/phoenix/commit/6e7185b33a59e0b1d1c0b4223adf340a73e963ae",
"https://hexdocs.pm/phoenix/1.6.14/changelog.html#1-6-14-2022-10-10",
"https://github.com/advisories/GHSA-p8f7-22gq-m7j9"
],
"PublishedDate": "2022-10-17T12:00:27Z",
"LastModifiedDate": "2022-10-18T18:01:44Z"
}
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink