forked from weaveworks/weave
-
Notifications
You must be signed in to change notification settings - Fork 9
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
2 changed files
with
87 additions
and
83 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1 +1 @@ | ||
| {"schemaVersion": 1, "label": "Vulnerabilty count", "message": "18", "color": "orange"} | ||
| {"schemaVersion": 1, "label": "Vulnerabilty count", "message": "19", "color": "orange"} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,115 +1,119 @@ | ||
| # Vulnerability Report | ||
|
|
||
| ``` | ||
| Report date: 2024-04-10 | ||
| Unique vulnerability count: 18 | ||
| Report date: 2024-05-04 | ||
| Unique vulnerability count: 19 | ||
| Images version: 2.8.6 | ||
| ``` | ||
|
|
||
| ## Scanner Details | ||
|
|
||
| ``` | ||
| Application: grype | ||
| Version: 0.74.7 | ||
| BuildDate: 2024-02-26T18:24:14Z | ||
| GitCommit: 987238519b8d6e302130ab715f20daed6634da68 | ||
| GitDescription: v0.74.7 | ||
| Version: 0.77.2 | ||
| BuildDate: 2024-05-01T16:20:45Z | ||
| GitCommit: bd16101ad0ed30c38e95d0992d0ad53f709dc5df | ||
| GitDescription: v0.77.2 | ||
| Platform: linux/amd64 | ||
| GoVersion: go1.21.7 | ||
| GoVersion: go1.21.9 | ||
| Compiler: gc | ||
| Syft Version: v0.105.1 | ||
| Syft Version: v1.3.0 | ||
| Supported DB Schema: 5 | ||
| ``` | ||
|
|
||
| ## Vulnerabilities | ||
|
|
||
| ### weave-kube: (18) | ||
| ### weave-kube: (19) | ||
|
|
||
| ``` | ||
| NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY | ||
| busybox 1.36.1-r15 apk CVE-2023-42366 Medium | ||
| busybox 1.36.1-r15 apk CVE-2023-42365 Medium | ||
| busybox 1.36.1-r15 apk CVE-2023-42364 Medium | ||
| busybox 1.36.1-r15 apk CVE-2023-42363 Medium | ||
| busybox-binsh 1.36.1-r15 apk CVE-2023-42366 Medium | ||
| busybox-binsh 1.36.1-r15 apk CVE-2023-42365 Medium | ||
| busybox-binsh 1.36.1-r15 apk CVE-2023-42364 Medium | ||
| busybox-binsh 1.36.1-r15 apk CVE-2023-42363 Medium | ||
| curl 8.5.0-r0 apk CVE-2024-0853 Medium | ||
| curl 8.5.0-r0 apk CVE-2024-2466 Unknown | ||
| curl 8.5.0-r0 apk CVE-2024-2398 Unknown | ||
| curl 8.5.0-r0 apk CVE-2024-2004 Unknown | ||
| libuv 1.47.0-r0 apk CVE-2024-24806 High | ||
| nghttp2-libs 1.58.0-r0 apk CVE-2024-28182 Medium | ||
| ssl_client 1.36.1-r15 apk CVE-2023-42366 Medium | ||
| ssl_client 1.36.1-r15 apk CVE-2023-42365 Medium | ||
| ssl_client 1.36.1-r15 apk CVE-2023-42364 Medium | ||
| ssl_client 1.36.1-r15 apk CVE-2023-42363 Medium | ||
| NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY | ||
| busybox 1.36.1-r15 apk CVE-2023-42366 Medium | ||
| busybox 1.36.1-r15 apk CVE-2023-42365 Medium | ||
| busybox 1.36.1-r15 apk CVE-2023-42364 Medium | ||
| busybox 1.36.1-r15 apk CVE-2023-42363 Medium | ||
| busybox-binsh 1.36.1-r15 apk CVE-2023-42366 Medium | ||
| busybox-binsh 1.36.1-r15 apk CVE-2023-42365 Medium | ||
| busybox-binsh 1.36.1-r15 apk CVE-2023-42364 Medium | ||
| busybox-binsh 1.36.1-r15 apk CVE-2023-42363 Medium | ||
| curl 8.5.0-r0 apk CVE-2024-0853 Medium | ||
| curl 8.5.0-r0 apk CVE-2024-2466 Unknown | ||
| curl 8.5.0-r0 apk CVE-2024-2398 Unknown | ||
| curl 8.5.0-r0 apk CVE-2024-2004 Unknown | ||
| golang.org/x/net v0.17.0 0.23.0 go-module GHSA-4v7x-pqxf-cx7m Medium | ||
| libuv 1.47.0-r0 apk CVE-2024-24806 High | ||
| nghttp2-libs 1.58.0-r0 apk CVE-2024-28182 Medium | ||
| ssl_client 1.36.1-r15 apk CVE-2023-42366 Medium | ||
| ssl_client 1.36.1-r15 apk CVE-2023-42365 Medium | ||
| ssl_client 1.36.1-r15 apk CVE-2023-42364 Medium | ||
| ssl_client 1.36.1-r15 apk CVE-2023-42363 Medium | ||
| ``` | ||
|
|
||
| ### weave-npc: (12) | ||
| ### weave-npc: (13) | ||
|
|
||
| ``` | ||
| NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY | ||
| busybox 1.36.1-r15 apk CVE-2023-42366 Medium | ||
| busybox 1.36.1-r15 apk CVE-2023-42365 Medium | ||
| busybox 1.36.1-r15 apk CVE-2023-42364 Medium | ||
| busybox 1.36.1-r15 apk CVE-2023-42363 Medium | ||
| busybox-binsh 1.36.1-r15 apk CVE-2023-42366 Medium | ||
| busybox-binsh 1.36.1-r15 apk CVE-2023-42365 Medium | ||
| busybox-binsh 1.36.1-r15 apk CVE-2023-42364 Medium | ||
| busybox-binsh 1.36.1-r15 apk CVE-2023-42363 Medium | ||
| ssl_client 1.36.1-r15 apk CVE-2023-42366 Medium | ||
| ssl_client 1.36.1-r15 apk CVE-2023-42365 Medium | ||
| ssl_client 1.36.1-r15 apk CVE-2023-42364 Medium | ||
| ssl_client 1.36.1-r15 apk CVE-2023-42363 Medium | ||
| NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY | ||
| busybox 1.36.1-r15 apk CVE-2023-42366 Medium | ||
| busybox 1.36.1-r15 apk CVE-2023-42365 Medium | ||
| busybox 1.36.1-r15 apk CVE-2023-42364 Medium | ||
| busybox 1.36.1-r15 apk CVE-2023-42363 Medium | ||
| busybox-binsh 1.36.1-r15 apk CVE-2023-42366 Medium | ||
| busybox-binsh 1.36.1-r15 apk CVE-2023-42365 Medium | ||
| busybox-binsh 1.36.1-r15 apk CVE-2023-42364 Medium | ||
| busybox-binsh 1.36.1-r15 apk CVE-2023-42363 Medium | ||
| golang.org/x/net v0.17.0 0.23.0 go-module GHSA-4v7x-pqxf-cx7m Medium | ||
| ssl_client 1.36.1-r15 apk CVE-2023-42366 Medium | ||
| ssl_client 1.36.1-r15 apk CVE-2023-42365 Medium | ||
| ssl_client 1.36.1-r15 apk CVE-2023-42364 Medium | ||
| ssl_client 1.36.1-r15 apk CVE-2023-42363 Medium | ||
| ``` | ||
|
|
||
| ### weave: (18) | ||
| ### weave: (19) | ||
|
|
||
| ``` | ||
| NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY | ||
| busybox 1.36.1-r15 apk CVE-2023-42366 Medium | ||
| busybox 1.36.1-r15 apk CVE-2023-42365 Medium | ||
| busybox 1.36.1-r15 apk CVE-2023-42364 Medium | ||
| busybox 1.36.1-r15 apk CVE-2023-42363 Medium | ||
| busybox-binsh 1.36.1-r15 apk CVE-2023-42366 Medium | ||
| busybox-binsh 1.36.1-r15 apk CVE-2023-42365 Medium | ||
| busybox-binsh 1.36.1-r15 apk CVE-2023-42364 Medium | ||
| busybox-binsh 1.36.1-r15 apk CVE-2023-42363 Medium | ||
| curl 8.5.0-r0 apk CVE-2024-0853 Medium | ||
| curl 8.5.0-r0 apk CVE-2024-2466 Unknown | ||
| curl 8.5.0-r0 apk CVE-2024-2398 Unknown | ||
| curl 8.5.0-r0 apk CVE-2024-2004 Unknown | ||
| libuv 1.47.0-r0 apk CVE-2024-24806 High | ||
| nghttp2-libs 1.58.0-r0 apk CVE-2024-28182 Medium | ||
| ssl_client 1.36.1-r15 apk CVE-2023-42366 Medium | ||
| ssl_client 1.36.1-r15 apk CVE-2023-42365 Medium | ||
| ssl_client 1.36.1-r15 apk CVE-2023-42364 Medium | ||
| ssl_client 1.36.1-r15 apk CVE-2023-42363 Medium | ||
| NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY | ||
| busybox 1.36.1-r15 apk CVE-2023-42366 Medium | ||
| busybox 1.36.1-r15 apk CVE-2023-42365 Medium | ||
| busybox 1.36.1-r15 apk CVE-2023-42364 Medium | ||
| busybox 1.36.1-r15 apk CVE-2023-42363 Medium | ||
| busybox-binsh 1.36.1-r15 apk CVE-2023-42366 Medium | ||
| busybox-binsh 1.36.1-r15 apk CVE-2023-42365 Medium | ||
| busybox-binsh 1.36.1-r15 apk CVE-2023-42364 Medium | ||
| busybox-binsh 1.36.1-r15 apk CVE-2023-42363 Medium | ||
| curl 8.5.0-r0 apk CVE-2024-0853 Medium | ||
| curl 8.5.0-r0 apk CVE-2024-2466 Unknown | ||
| curl 8.5.0-r0 apk CVE-2024-2398 Unknown | ||
| curl 8.5.0-r0 apk CVE-2024-2004 Unknown | ||
| golang.org/x/net v0.17.0 0.23.0 go-module GHSA-4v7x-pqxf-cx7m Medium | ||
| libuv 1.47.0-r0 apk CVE-2024-24806 High | ||
| nghttp2-libs 1.58.0-r0 apk CVE-2024-28182 Medium | ||
| ssl_client 1.36.1-r15 apk CVE-2023-42366 Medium | ||
| ssl_client 1.36.1-r15 apk CVE-2023-42365 Medium | ||
| ssl_client 1.36.1-r15 apk CVE-2023-42364 Medium | ||
| ssl_client 1.36.1-r15 apk CVE-2023-42363 Medium | ||
| ``` | ||
|
|
||
| ### weaveexec: (18) | ||
| ### weaveexec: (19) | ||
|
|
||
| ``` | ||
| NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY | ||
| busybox 1.36.1-r15 apk CVE-2023-42366 Medium | ||
| busybox 1.36.1-r15 apk CVE-2023-42365 Medium | ||
| busybox 1.36.1-r15 apk CVE-2023-42364 Medium | ||
| busybox 1.36.1-r15 apk CVE-2023-42363 Medium | ||
| busybox-binsh 1.36.1-r15 apk CVE-2023-42366 Medium | ||
| busybox-binsh 1.36.1-r15 apk CVE-2023-42365 Medium | ||
| busybox-binsh 1.36.1-r15 apk CVE-2023-42364 Medium | ||
| busybox-binsh 1.36.1-r15 apk CVE-2023-42363 Medium | ||
| curl 8.5.0-r0 apk CVE-2024-0853 Medium | ||
| curl 8.5.0-r0 apk CVE-2024-2466 Unknown | ||
| curl 8.5.0-r0 apk CVE-2024-2398 Unknown | ||
| curl 8.5.0-r0 apk CVE-2024-2004 Unknown | ||
| libuv 1.47.0-r0 apk CVE-2024-24806 High | ||
| nghttp2-libs 1.58.0-r0 apk CVE-2024-28182 Medium | ||
| ssl_client 1.36.1-r15 apk CVE-2023-42366 Medium | ||
| ssl_client 1.36.1-r15 apk CVE-2023-42365 Medium | ||
| ssl_client 1.36.1-r15 apk CVE-2023-42364 Medium | ||
| ssl_client 1.36.1-r15 apk CVE-2023-42363 Medium | ||
| NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY | ||
| busybox 1.36.1-r15 apk CVE-2023-42366 Medium | ||
| busybox 1.36.1-r15 apk CVE-2023-42365 Medium | ||
| busybox 1.36.1-r15 apk CVE-2023-42364 Medium | ||
| busybox 1.36.1-r15 apk CVE-2023-42363 Medium | ||
| busybox-binsh 1.36.1-r15 apk CVE-2023-42366 Medium | ||
| busybox-binsh 1.36.1-r15 apk CVE-2023-42365 Medium | ||
| busybox-binsh 1.36.1-r15 apk CVE-2023-42364 Medium | ||
| busybox-binsh 1.36.1-r15 apk CVE-2023-42363 Medium | ||
| curl 8.5.0-r0 apk CVE-2024-0853 Medium | ||
| curl 8.5.0-r0 apk CVE-2024-2466 Unknown | ||
| curl 8.5.0-r0 apk CVE-2024-2398 Unknown | ||
| curl 8.5.0-r0 apk CVE-2024-2004 Unknown | ||
| golang.org/x/net v0.17.0 0.23.0 go-module GHSA-4v7x-pqxf-cx7m Medium | ||
| libuv 1.47.0-r0 apk CVE-2024-24806 High | ||
| nghttp2-libs 1.58.0-r0 apk CVE-2024-28182 Medium | ||
| ssl_client 1.36.1-r15 apk CVE-2023-42366 Medium | ||
| ssl_client 1.36.1-r15 apk CVE-2023-42365 Medium | ||
| ssl_client 1.36.1-r15 apk CVE-2023-42364 Medium | ||
| ssl_client 1.36.1-r15 apk CVE-2023-42363 Medium | ||
| ``` | ||
|
|