gitea-mirror/trivy
1
0
Fork 0
mirror of https://github.com/aquasecurity/trivy.git synced 2025-12-12 15:50:15 -08:00
Code Issues Packages Projects Releases Wiki Activity
Files
1f0d6290c33c95d5f213cc409a0ff6a53a2c888e
trivy/integration/testdata/poetry.json.golden
Juan Ariza Toledano 1f0d6290c3 feat(vuln): include pkg identifier on detected vulnerabilities (#5439) 
Signed-off-by: juan131 <jariza@vmware.com>
Signed-off-by: knqyf263 <knqyf263@gmail.com>
Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>
Co-authored-by: DmitriyLewen <91113035+DmitriyLewen@users.noreply.github.com>
Co-authored-by: Nikita Pivkin <nikita.pivkin@smartforce.io>
Co-authored-by: knqyf263 <knqyf263@gmail.com>
2023-12-27 07:54:56 +00:00

118 lines
3.7 KiB
Plaintext
Raw Blame History

{
"SchemaVersion": 2,
"CreatedAt": "2021-08-25T12:20:30.000000005Z",
"ArtifactName": "testdata/fixtures/repo/poetry",
"ArtifactType": "repository",
"Metadata": {
"ImageConfig": {
"architecture": "",
"created": "0001-01-01T00:00:00Z",
"os": "",
"rootfs": {
"type": "",
"diff_ids": null
},
"config": {}
}
},
"Results": [
{
"Target": "poetry.lock",
"Class": "lang-pkgs",
"Type": "poetry",
"Packages": [
{
"ID": "click@8.1.3",
"Name": "click",
"Identifier": {
"PURL": "pkg:pypi/click@8.1.3"
},
"Version": "8.1.3",
"DependsOn": [
"colorama@0.4.6"
],
"Layer": {}
},
{
"ID": "colorama@0.4.6",
"Name": "colorama",
"Identifier": {
"PURL": "pkg:pypi/colorama@0.4.6"
},
"Version": "0.4.6",
"Indirect": true,
"Layer": {}
},
{
"ID": "werkzeug@0.14",
"Name": "werkzeug",
"Identifier": {
"PURL": "pkg:pypi/werkzeug@0.14"
},
"Version": "0.14",
"Layer": {}
}
],
"Vulnerabilities": [
{
"VulnerabilityID": "CVE-2019-14806",
"PkgID": "werkzeug@0.14",
"PkgName": "werkzeug",
"PkgIdentifier": {
"PURL": "pkg:pypi/werkzeug@0.14"
},
"InstalledVersion": "0.14",
"FixedVersion": "0.15.3",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-14806",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory Pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "python-werkzeug: insufficient debugger PIN randomness vulnerability",
"Description": "Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id.",
"Severity": "HIGH",
"CweIDs": [
"CWE-331"
],
"VendorSeverity": {
"ghsa": 3,
"nvd": 3,
"redhat": 2,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"V2Score": 5,
"V3Score": 7.5
},
"redhat": {
"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"V3Score": 7.5
}
},
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00034.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00047.html",
"https://access.redhat.com/security/cve/CVE-2019-14806",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14806",
"https://github.com/advisories/GHSA-gq9m-qvpx-68hc",
"https://github.com/pallets/werkzeug/blob/7fef41b120327d3912fbe12fb64f1951496fcf3e/src/werkzeug/debug/__init__.py#L168",
"https://github.com/pallets/werkzeug/commit/00bc43b1672e662e5e3b8cecd79e67fc968fa246",
"https://nvd.nist.gov/vuln/detail/CVE-2019-14806",
"https://palletsprojects.com/blog/werkzeug-0-15-3-released/",
"https://ubuntu.com/security/notices/USN-4655-1"
],
"PublishedDate": "2019-08-09T15:15:00Z",
"LastModifiedDate": "2019-09-11T00:15:00Z"
}
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink